Weekly Vulnerabilities Reports > March 13 to 19, 2017

Overview

373 new vulnerabilities reported during this period, including 38 critical vulnerabilities and 71 high severity vulnerabilities. This weekly summary report vulnerabilities in 571 products from 103 vendors including Microsoft, Mcafee, Cisco, Debian, and Qemu. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Cross-site Scripting", "Improper Input Validation", and "Out-of-bounds Read".

  • 295 reported vulnerabilities are remotely exploitables.
  • 81 reported vulnerabilities have public exploit available.
  • 61 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 339 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 141 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 29 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

38 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-17 CVE-2017-3881 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.

10.0
2017-03-15 CVE-2017-3831 Cisco Improper Authentication vulnerability in Cisco Aironet Access Point Software

A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication.

10.0
2017-03-14 CVE-2017-3003 Adobe
Apple
Google
Linux
Microsoft
USE After Free vulnerability in Adobe Flash Player

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object.

10.0
2017-03-14 CVE-2017-3002 Adobe
Apple
Google
Linux
Microsoft
USE After Free vulnerability in Adobe Flash Player

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property.

10.0
2017-03-14 CVE-2017-3001 Adobe
Apple
Google
Linux
Microsoft
USE After Free vulnerability in Adobe Flash Player

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM.

10.0
2017-03-14 CVE-2017-2999 Adobe
Apple
Google
Linux
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface.

10.0
2017-03-14 CVE-2017-2998 Adobe
Apple
Google
Linux
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions.

10.0
2017-03-14 CVE-2017-2997 Adobe
Apple
Google
Linux
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information.

10.0
2017-03-14 CVE-2013-4659 Asus
Trendnet
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916.

10.0
2017-03-14 CVE-2014-9921 Mcafee Permissions, Privileges, and Access Controls vulnerability in Mcafee Cloud Analysis and Deconstructive Services 1.0.0.3/1.0.0.4D

Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error.

9.7
2017-03-17 CVE-2017-0148 Microsoft Improper Input Validation vulnerability in Microsoft Server Message Block 1.0

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.

9.3
2017-03-17 CVE-2017-0146 Microsoft Improper Input Validation vulnerability in Microsoft Server Message Block 1.0

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.

9.3
2017-03-17 CVE-2017-0145 Microsoft Improper Input Validation vulnerability in Microsoft Server Message Block 1.0

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.

9.3
2017-03-17 CVE-2017-0144 Microsoft Improper Input Validation vulnerability in Microsoft Server Message Block 1.0

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

9.3
2017-03-17 CVE-2017-0143 Microsoft Improper Input Validation vulnerability in Microsoft Server Message Block 1.0

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

9.3
2017-03-17 CVE-2017-0108 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.

9.3
2017-03-17 CVE-2017-0104 Microsoft Integer Overflow OR Wraparound vulnerability in Microsoft products

The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability."

9.3
2017-03-17 CVE-2017-0090 Microsoft Buffer Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0089.

9.3
2017-03-17 CVE-2017-0089 Microsoft Buffer Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090.

9.3
2017-03-17 CVE-2017-0088 Microsoft Buffer Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."

9.3
2017-03-17 CVE-2017-0087 Microsoft Buffer Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.

9.3
2017-03-17 CVE-2017-0086 Microsoft Buffer Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.

9.3
2017-03-17 CVE-2017-0084 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.

9.3
2017-03-17 CVE-2017-0083 Microsoft Buffer Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.

9.3
2017-03-17 CVE-2017-0072 Microsoft Buffer Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.

9.3
2017-03-17 CVE-2017-0053 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052.

9.3
2017-03-17 CVE-2017-0052 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053.

9.3
2017-03-17 CVE-2017-0039 Microsoft DLL Loading Local Privilege Escalation vulnerability in Microsoft Windows Server 2008 and Windows Vista

Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link library (DLL) loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Execution Vulnerability."

9.3
2017-03-17 CVE-2017-0031 Microsoft Buffer Errors vulnerability in Microsoft Office, Office Compatibility Pack and Word

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0052, and CVE-2017-0053.

9.3
2017-03-17 CVE-2017-0030 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.

9.3
2017-03-17 CVE-2017-0020 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Excel and Office web Apps

Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.

9.3
2017-03-17 CVE-2017-0019 Microsoft Buffer Errors vulnerability in Microsoft Word 2016

Microsoft Word 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.

9.3
2017-03-17 CVE-2017-0006 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.

9.3
2017-03-14 CVE-2017-6903 Ioquake3 Unspecified vulnerability in Ioquake3 20170227

In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions.

9.3
2017-03-16 CVE-2017-6023 Fatek Automation Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fatek Automation products

An issue was discovered in Fatek Automation PLC Ethernet Module.

9.0
2017-03-15 CVE-2017-3819 Cisco Missing Authentication for Critical Function vulnerability in Cisco ASR 5000 Series Software and Virtualized Packet Core

A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access.

9.0
2017-03-14 CVE-2017-6398 Trendmicro Remote Code Execution vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.11600

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600.

9.0
2017-03-13 CVE-2017-5675 Embedthis Command Injection vulnerability in Embedthis Goahead

A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models.

9.0

71 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-15 CVE-2017-3854 Cisco Improper Authentication vulnerability in Cisco Wireless LAN Controller Firmware

A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology.

8.3
2017-03-17 CVE-2017-0095 Microsoft Improper Input Validation vulnerability in Microsoft Windows 10 and Windows Server 2016

Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0021.

7.9
2017-03-14 CVE-2016-10252 Imagemagick Resource Management Errors vulnerability in Imagemagick

Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption.

7.8
2017-03-17 CVE-2017-0021 Microsoft Memory Corruption vulnerability in Microsoft Windows Hyper-V

Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095.

7.7
2017-03-17 CVE-2017-0151 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0150 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0149 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037.

7.6
2017-03-17 CVE-2017-0141 Microsoft Scripting Engine Remote Memory Corruption vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0138 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0137 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0136 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0134 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0133 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0132 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0131 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0130 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9

The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." This vulnerability is different from that described in CVE-2017-0040.

7.6
2017-03-17 CVE-2017-0094 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0071 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0070 Microsoft USE After Free vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0067 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0040 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9

The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." This vulnerability is different from that described in CVE-2017-0130.

7.6
2017-03-17 CVE-2017-0035 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0034 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.

7.6
2017-03-17 CVE-2017-0032 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0023 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

The PDF library in Microsoft Edge; Windows 8.1; Windows Server 2012 and R2; Windows RT 8.1; and Windows 10, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."

7.6
2017-03-17 CVE-2017-0018 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149.

7.6
2017-03-17 CVE-2017-0015 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-17 CVE-2017-0014 Microsoft Remote Code Execution vulnerability in Microsoft Windows Graphics Component

The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0108.

7.6
2017-03-17 CVE-2017-0010 Microsoft Scripting Engine Remote Memory Corruption vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

7.6
2017-03-18 CVE-2016-10253 Erlang Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Erlang Erlang/Otp

An issue was discovered in Erlang/OTP 18.x.

7.5
2017-03-17 CVE-2017-7174 Chef Manage Project Remote Code Execution vulnerability in Chef Manage

The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code.

7.5
2017-03-17 CVE-2017-6880 Cerberus Buffer Errors vulnerability in Cerberus FTP Server 8.0.10.3

Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.

7.5
2017-03-17 CVE-2015-3884 Qdpm Unrestricted Upload of File With Dangerous Type vulnerability in Qdpm 8.3

Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/.

7.5
2017-03-17 CVE-2014-9852 Imagemagick
Opensuse
Suse
Improper Control of Dynamically-Managed Code Resources vulnerability in multiple products

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

7.5
2017-03-17 CVE-2014-8708 Pluck CMS Permissions, Privileges, and Access Controls vulnerability in Pluck-Cms Pluck 4.7.2

Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature.

7.5
2017-03-17 CVE-2014-8705 Wondercms Improper Input Validation vulnerability in Wondercms 2014

PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter.

7.5
2017-03-17 CVE-2014-8704 Wondercms Path Traversal vulnerability in Wondercms 2014

Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme.

7.5
2017-03-17 CVE-2017-6967 Xrdp Improper Authentication vulnerability in Neutrinolabs Xrdp 0.9.1

xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.

7.5
2017-03-16 CVE-2017-6952 Capstone Engine Integer Overflow OR Wraparound vulnerability in Capstone-Engine Capstone

Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c in Capstone 3.0.4 and earlier allows attackers to cause a denial of service (heap-based buffer overflow in a kernel driver) or possibly have unspecified other impact via a large value.

7.5
2017-03-16 CVE-2015-8981 Podofo Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Podofo Project Podofo

Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.

7.5
2017-03-15 CVE-2016-5239 Imagemagick Improper Access Control vulnerability in Imagemagick

The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.

7.5
2017-03-15 CVE-2017-5522 Debian
UMN
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.

7.5
2017-03-15 CVE-2016-7955 Alienvault Permissions, Privileges, and Access Controls vulnerability in Alienvault Ossim and Unified Security Management

The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header.

7.5
2017-03-15 CVE-2017-5358 Easycom Aura Buffer Errors vulnerability in Easycom-Aura Easycom for PHP 4.0.0.29

Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.

7.5
2017-03-15 CVE-2016-10195 Libevent Project
Debian
Out-Of-Bounds Read vulnerability in multiple products

The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.

7.5
2017-03-15 CVE-2016-10166 Libgd Integer Underflow (Wrap OR Wraparound) vulnerability in Libgd

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.

7.5
2017-03-14 CVE-2016-8027 Mcafee SQL Injection vulnerability in Mcafee Epolicy Orchestrator

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.

7.5
2017-03-14 CVE-2017-5668 Bitlbee Null Pointer Dereference vulnerability in Bitlbee and Bitlbee-Libpurple

bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.

7.5
2017-03-14 CVE-2016-10188 Bitlbee USE After Free vulnerability in Bitlbee

Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.

7.5
2017-03-13 CVE-2017-6080 Zammad Cross-Site Request Forgery (CSRF) vulnerability in Zammad

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers.

7.5
2017-03-13 CVE-2017-5929 Logback Deserialization of Untrusted Data vulnerability in Logback

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.

7.5
2017-03-13 CVE-2017-5619 Zammad Improper Authentication vulnerability in Zammad

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1.

7.5
2017-03-17 CVE-2017-0109 Microsoft Improper Input Validation vulnerability in Microsoft products

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0075.

7.4
2017-03-17 CVE-2017-0075 Microsoft Remote Code Execution vulnerability in Microsoft Windows Hyper-V

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0109.

7.4
2017-03-19 CVE-2017-5623 Oneplus Improper Privilege Management vulnerability in Oneplus Oxygenos 4.0.3

An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices.

7.2
2017-03-19 CVE-2017-7184 Linux
Canonical
Local Privilege Escalation vulnerability in Linux Kernel 4.8

The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.

7.2
2017-03-17 CVE-2017-0082 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows 10 1511

The kernel-mode drivers in Microsoft Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, and CVE-2017-0081.

7.2
2017-03-17 CVE-2017-0081 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows Kernel 'Win32k.sys'

The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0082.

7.2
2017-03-17 CVE-2017-0080 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows Kernel 'Win32k.sys'

The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0081, and CVE-2017-0082.

7.2
2017-03-17 CVE-2017-0079 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows Kernel 'Win32k.sys'

The kernel-mode drivers in Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.

7.2
2017-03-17 CVE-2017-0078 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows Kernel 'Win32k.sys'

The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082.

7.2
2017-03-17 CVE-2017-0056 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows Kernel 'Win32k.sys'

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082.

7.2
2017-03-17 CVE-2017-0050 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows Kernel

The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

7.2
2017-03-17 CVE-2017-0047 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows Graphics

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005 and CVE-2017-0025.

7.2
2017-03-17 CVE-2017-0026 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows Kernel 'Win32k.sys'

The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.

7.2
2017-03-17 CVE-2017-0025 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows Graphics

The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005, and CVE-2017-0047.

7.2
2017-03-17 CVE-2017-0024 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows Kernel 'Win32k.sys'

The kernel-mode drivers in Microsoft Windows 10 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.

7.2
2017-03-17 CVE-2017-0001 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows Graphics

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047.

7.2
2017-03-14 CVE-2016-8008 Mcafee
Microsoft
Permissions, Privileges, and Access Controls vulnerability in Mcafee Security Scan Plus 2.0.181.2

Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system.

7.2
2017-03-14 CVE-2017-6516 Magnicomp Improper Input Validation vulnerability in Magnicomp Sysinfo 10H62

A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges.

7.2
2017-03-17 CVE-2017-0016 Microsoft Null Pointer Dereference vulnerability in Microsoft products

Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet to the Server service, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability."

7.1

226 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-17 CVE-2017-0005 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047.

6.9
2017-03-14 CVE-2015-8993 Mcafee Permissions, Privileges, and Access Controls vulnerability in Mcafee Cloud AV, Security Scan Plus and Security Webadvisor

Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.

6.9
2017-03-14 CVE-2015-8992 Mcafee Permissions, Privileges, and Access Controls vulnerability in Mcafee Cloud AV, Security Scan Plus and Security Webadvisor

Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.

6.9
2017-03-14 CVE-2015-8991 Mcafee Permissions, Privileges, and Access Controls vulnerability in Mcafee Cloud AV, Security Scan Plus and Security Webadvisor

Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.

6.9
2017-03-14 CVE-2017-6874 Linux USE After Free vulnerability in Linux Kernel

Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts.

6.9
2017-03-18 CVE-2017-7178 Deluge
Deluge Torrent
Debian
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

CSRF was discovered in the web UI in Deluge before 1.3.14.

6.8
2017-03-17 CVE-2017-0101 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."

6.8
2017-03-16 CVE-2017-6949 Call CC Buffer Errors vulnerability in Call-Cc Chicken 4.12.0

An issue was discovered in CHICKEN Scheme through 4.12.0.

6.8
2017-03-16 CVE-2017-6381 Drupal Inclusion of Functionality From Untrusted Control Sphere vulnerability in Drupal

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution.

6.8
2017-03-15 CVE-2015-8982 GNU Integer Overflow OR Wraparound vulnerability in GNU Glibc

Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

6.8
2017-03-15 CVE-2017-6429 Appneta Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Appneta Tcpreplay

Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.

6.8
2017-03-15 CVE-2016-10168 Libgd Integer Overflow OR Wraparound vulnerability in Libgd

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.

6.8
2017-03-15 CVE-2017-6852 Jasper Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Jasper Project Jasper

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.

6.8
2017-03-15 CVE-2017-6844 Podofo Project Buffer Errors vulnerability in Podofo Project Podofo 0.9.4

Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

6.8
2017-03-15 CVE-2017-6843 Podofo Project Buffer Errors vulnerability in Podofo Project Podofo 0.9.4

Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

6.8
2017-03-15 CVE-2017-6828 Audiofile Buffer Errors vulnerability in Audiofile 0.3.6

Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file.

6.8
2017-03-15 CVE-2017-6827 Audiofile Buffer Errors vulnerability in Audiofile 0.3.6

Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file.

6.8
2017-03-15 CVE-2017-6366 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear Dgn2200 Firmware

Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi.

6.8
2017-03-15 CVE-2017-6060 Artifex Buffer Errors vulnerability in Artifex Mupdf 1.10A

Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc.

6.8
2017-03-15 CVE-2016-10251 Jasper Project Integer Overflow OR Wraparound vulnerability in Jasper Project Jasper

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.

6.8
2017-03-15 CVE-2016-10249 Jasper Project Integer Overflow OR Wraparound vulnerability in Jasper Project Jasper

Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.

6.8
2017-03-14 CVE-2016-8024 Mcafee Http Response Splitting vulnerability in Mcafee Virusscan Enterprise

Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.

6.8
2017-03-14 CVE-2016-8023 Mcafee Improper Authentication vulnerability in Mcafee Virusscan Enterprise

Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.

6.8
2017-03-14 CVE-2017-2983 Adobe Untrusted Search Path vulnerability in Adobe Shockwave Player

Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability.

6.8
2017-03-13 CVE-2017-6180 Keekoonvision Cross-Site Request Forgery (CSRF) vulnerability in Keekoonvision Kk002 IP Camera Firmware 1.8.12

Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages).

6.8
2017-03-13 CVE-2017-6081 Zammad Cross-Site Request Forgery (CSRF) vulnerability in Zammad

A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1.

6.8
2017-03-13 CVE-2015-4409 Hikvision Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Hikvision Ds-76Xxx Series Firmware and Ds-77Xxx Series Firmware

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue.

6.8
2017-03-13 CVE-2015-4408 Hikvision Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Hikvision Ds-76Xxx Series Firmware and Ds-77Xxx Series Firmware

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue.

6.8
2017-03-13 CVE-2015-4407 Hikvision Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Hikvision Ds-76Xxx Series Firmware and Ds-77Xxx Series Firmware

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue.

6.8
2017-03-14 CVE-2015-8988 Mcafee Command Injection vulnerability in Mcafee EPO Deep Command 2.1/2.2

Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path.

6.5
2017-03-14 CVE-2017-6896 Digisol Reliance ON Cookies Without Validation and Integrity Checking vulnerability in Digisol Dg-Hr1400 Router Firmware 1.00.02

Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value.

6.5
2017-03-17 CVE-2017-3880 Cisco Improper Authentication vulnerability in Cisco Webex Meetings Server

An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server.

6.4
2017-03-17 CVE-2017-6969 GNU Out-Of-Bounds Read vulnerability in GNU Binutils 2.28

readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries.

6.4
2017-03-14 CVE-2016-8025 Mcafee SQL Injection vulnerability in Mcafee Virusscan Enterprise

SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.

6.0
2017-03-14 CVE-2016-8020 Mcafee Code Injection vulnerability in Mcafee Virusscan Enterprise

Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.

6.0
2017-03-14 CVE-2016-8018 Mcafee Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Virusscan Enterprise

Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.

6.0
2017-03-17 CVE-2017-0154 Microsoft Injection vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability."

5.8
2017-03-16 CVE-2017-5643 Apache Server-Side Request Forgery (SSRF) vulnerability in Apache Camel

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

5.8
2017-03-16 CVE-2017-5617 Debian
SVG Salamander Project
Server-Side Request Forgery (SSRF) vulnerability in multiple products

The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file.

5.8
2017-03-15 CVE-2017-6914 Bigtreecms Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.1.8/4.2.16

CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page.

5.8
2017-03-17 CVE-2017-3869 Cisco Security Bypass vulnerability in Cisco Prime Infrastructure 3.1(1)

An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user.

5.5
2017-03-16 CVE-2017-6379 Drupal Cross-Site Request Forgery (CSRF) vulnerability in Drupal

Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF.

5.1
2017-03-14 CVE-2016-8022 Mcafee Improper Authentication vulnerability in Mcafee Virusscan Enterprise

Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.

5.1
2017-03-18 CVE-2017-7177 Openinfosecfoundation Improperly Implemented Security Check FOR Standard vulnerability in Openinfosecfoundation Suricata

Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.

5.0
2017-03-17 CVE-2017-3879 Cisco Buffer Errors vulnerability in Cisco Nx-Os 7.0(3)I3(0.170)/8.3(0)Cv(0.342)/8.3(0)Cv(0.345)

A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a process used for login to terminate unexpectedly and the login attempt to fail.

5.0
2017-03-17 CVE-2017-3878 Cisco Buffer Errors vulnerability in Cisco Nx-Os 7.0(3)I3(0.170)

A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt to fail.

5.0
2017-03-17 CVE-2017-3875 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypass defined traffic configured within an access control list (ACL) on the affected system.

5.0
2017-03-17 CVE-2017-3870 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco web Security Appliance 8.5.3069/9.1.1074/9.1.2010

A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule.

5.0
2017-03-17 CVE-2017-3867 Cisco Improper Authentication vulnerability in Cisco Adaptive Security Appliance Software

A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic.

5.0
2017-03-17 CVE-2017-3815 Cisco Cleartext Transmission of Sensitive Information vulnerability in Cisco Telepresence Server Software 4.2(4.17)/4.2(4.18)/4.2(4.19)

An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints.

5.0
2017-03-17 CVE-2017-6370 Typo3 Cleartext Transmission of Sensitive Information vulnerability in Typo3 7.6.15

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

5.0
2017-03-17 CVE-2015-3882 Qdpm Information Exposure vulnerability in Qdpm 8.3

qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message.

5.0
2017-03-17 CVE-2015-3881 Qdpm Information Exposure vulnerability in Qdpm 8.3

Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.

5.0
2017-03-17 CVE-2014-9854 Imagemagick
Opensuse
Suse
Canonical
Resource Management Errors vulnerability in multiple products

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

5.0
2017-03-17 CVE-2014-8723 GET Simple Information Exposure vulnerability in Get-Simple Getsimple CMS 3.3.4

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.

5.0
2017-03-17 CVE-2014-8722 GET Simple Information Exposure vulnerability in Get-Simple Getsimple CMS 3.3.4

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.

5.0
2017-03-17 CVE-2014-8706 Pluck CMS Information Exposure vulnerability in Pluck-Cms Pluck 4.7.2

Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message.

5.0
2017-03-17 CVE-2014-8702 Wondercms Information Exposure vulnerability in Wondercms 2014

Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message.

5.0
2017-03-17 CVE-2014-8701 Wondercms Information Exposure vulnerability in Wondercms 2014

Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password.

5.0
2017-03-17 CVE-2017-6962 Apng2Gif Project Integer Overflow OR Wraparound vulnerability in Apng2Gif Project Apng2Gif 1.7

An issue was discovered in apng2gif 1.7.

5.0
2017-03-17 CVE-2017-6960 Apng2Gif Project Integer Overflow OR Wraparound vulnerability in Apng2Gif Project Apng2Gif 1.7

An issue was discovered in apng2gif 1.7.

5.0
2017-03-17 CVE-2017-6955 Teleogistic Improper Input Validation vulnerability in Teleogistic Invite Anyone Plugin

An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress.

5.0
2017-03-17 CVE-2017-0129 Microsoft Improper Certificate Validation vulnerability in Microsoft Lync for mac 2011

Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability."

5.0
2017-03-16 CVE-2017-6510 Efssoft Path Traversal vulnerability in Efssoft Easy File Sharing FTP Server

Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.

5.0
2017-03-16 CVE-2017-6377 Drupal Incorrect Authorization vulnerability in Drupal

When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.

5.0
2017-03-15 CVE-2017-3846 Cisco Improper Input Validation vulnerability in Cisco Tidal Enterprise Scheduler

A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server.

5.0
2017-03-15 CVE-2015-8895 Imagemagick Integer Overflow OR Wraparound vulnerability in Imagemagick

Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.

5.0
2017-03-15 CVE-2017-5537 Weblate Information Exposure vulnerability in Weblate

The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.

5.0
2017-03-15 CVE-2017-5496 Sawmill Information Exposure vulnerability in Sawmill 8.7.9

Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.

5.0
2017-03-15 CVE-2017-5359 Easycom Aura Improper Input Validation vulnerability in Easycom-Aura SQL Iplug

EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.

5.0
2017-03-15 CVE-2016-10197 Debian
Libevent Project
Out-Of-Bounds Read vulnerability in multiple products

The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.

5.0
2017-03-15 CVE-2016-10196 Debian
Libevent Project
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

5.0
2017-03-15 CVE-2016-10250 Jasper Project Null Pointer Dereference vulnerability in Jasper Project Jasper

The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error.

5.0
2017-03-15 CVE-2016-10248 Jasper Project Null Pointer Dereference vulnerability in Jasper Project Jasper

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

5.0
2017-03-14 CVE-2015-8990 Mcafee 7PK - Security Features vulnerability in Mcafee Advanced Threat Defense 3.4.2.32/3.4.4.14/3.4.4.142

Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware.

5.0
2017-03-14 CVE-2013-7462 Mcafee Path Traversal vulnerability in Mcafee Saas Control Console Platform

A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit.

5.0
2017-03-14 CVE-2017-3000 Adobe
Apple
Google
Linux
Microsoft
Information Exposure vulnerability in Adobe Flash Player

Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding.

5.0
2017-03-14 CVE-2016-10189 Bitlbee Null Pointer Dereference vulnerability in Bitlbee and Bitlbee-Libpurple

BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.

5.0
2017-03-14 CVE-2017-6367 Cerberusftp Improper Input Validation vulnerability in Cerberusftp FTP Server 8.0.10.1

In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash.

5.0
2017-03-14 CVE-2016-9368 Eaton Improper Access Control vulnerability in Eaton Xcomfort Ethernet Communication Interface 1.07

An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior.

5.0
2017-03-14 CVE-2016-8747 Apache Information Exposure vulnerability in Apache Tomcat

An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations.

5.0
2017-03-14 CVE-2014-8688 Telegram Information Exposure vulnerability in Telegram Messenger 1.8.2/2.6

An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android.

5.0
2017-03-13 CVE-2017-5674 Embedthis Information Exposure vulnerability in Embedthis Goahead

A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will disclose the configuration file with the login password.

5.0
2017-03-16 CVE-2017-6951 Linux Null Pointer Dereference vulnerability in Linux Kernel

The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type.

4.9
2017-03-16 CVE-2017-5857 Qemu Memory Leak vulnerability in Qemu

Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand.

4.9
2017-03-16 CVE-2017-5856 Qemu
Debian
Memory Leak vulnerability in multiple products

Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.

4.9
2017-03-15 CVE-2017-5579 Qemu
Debian
Memory Leak vulnerability in multiple products

Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

4.9
2017-03-15 CVE-2017-5578 Qemu Memory Leak vulnerability in Qemu

Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

4.9
2017-03-15 CVE-2017-5552 Qemu Memory Leak vulnerability in Qemu

Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

4.9
2017-03-15 CVE-2017-5526 Qemu
Debian
Memory Leak vulnerability in multiple products

Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

4.9
2017-03-15 CVE-2017-5525 Qemu
Debian
Memory Leak vulnerability in multiple products

Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

4.9
2017-03-15 CVE-2016-10163 Virglrenderer Project Resource Management Errors vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0

Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) by repeatedly creating a decode context.

4.9
2017-03-15 CVE-2016-10155 Qemu
Debian
Memory Leak vulnerability in multiple products

Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

4.9
2017-03-15 CVE-2017-6414 Libcacard
Libcacard Project
Missing Release of Resource After Effective Lifetime vulnerability in Libcacard Project Libcacard 2.5.0/2.5.1/2.5.2

Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object.

4.9
2017-03-15 CVE-2017-6386 Virglrenderer Project Missing Release of Resource After Effective Lifetime vulnerability in Virglrenderer Project Virglrenderer

Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_OBJECT_VERTEX_ELEMENTS commands.

4.9
2017-03-15 CVE-2017-6317 Virglrenderer Project Missing Release of Resource After Effective Lifetime vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0

Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involving the sprog variable.

4.9
2017-03-15 CVE-2017-5993 Virglrenderer Project Missing Release of Resource After Effective Lifetime vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0

Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_CCMD_BLIT commands.

4.9
2017-03-17 CVE-2017-0102 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 let attackers with access to targets systems gain privileges when Windows fails to properly validate buffer lengths, aka "Windows Elevation of Privilege Vulnerability."

4.6
2017-03-14 CVE-2016-8026 Mcafee Permissions, Privileges, and Access Controls vulnerability in Mcafee Security Scan Plus 2.0.181.2

Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors.

4.6
2017-03-14 CVE-2016-8012 Mcafee Permissions, Privileges, and Access Controls vulnerability in Mcafee Data Loss Prevention Endpoint

Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get.

4.6
2017-03-14 CVE-2016-8010 Mcafee Improper Access Control vulnerability in Mcafee Application Control and Endpoint Security

Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility.

4.6
2017-03-14 CVE-2016-8009 Mcafee Permissions, Privileges, and Access Controls vulnerability in Mcafee Application Control

Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via an unauthorized use of IOCTL call.

4.6
2017-03-17 CVE-2017-0103 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability."

4.4
2017-03-17 CVE-2017-0100 Microsoft Improper Authentication vulnerability in Microsoft products

A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows HelpPane Elevation of Privilege Vulnerability."

4.4
2017-03-15 CVE-2017-6189 Amazon Untrusted Search Path vulnerability in Amazon Kindle for PC 1.3.0.30884

Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer.

4.4
2017-03-15 CVE-2017-6438 Libplist Project Out-Of-Bounds Write vulnerability in Libplist Project Libplist 1.12

Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code execution via a crafted plist file.

4.4
2017-03-19 CVE-2016-8855 Sitecore Cross-Site Scripting vulnerability in Sitecore Experience Platform 8.1

Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev.

4.3
2017-03-17 CVE-2017-3877 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager 11.5(1.11.007.2)

A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software.

4.3
2017-03-17 CVE-2017-3872 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Manager

A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device.

4.3
2017-03-17 CVE-2017-3868 Cisco Cross-Site Scripting vulnerability in Cisco Unified Computing System Director 6.0(0.0)

A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2017-03-17 CVE-2017-3866 Cisco Cross-Site Scripting vulnerability in Cisco Prime Service Catalog 11.1.2/11.1Base

A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.

4.3
2017-03-17 CVE-2015-7313 Libtiff Resource Management Errors vulnerability in Libtiff

LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.

4.3
2017-03-17 CVE-2015-4645 Squashfs Project
Fedoraproject
Integer Overflow OR Wraparound vulnerability in multiple products

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.

4.3
2017-03-17 CVE-2015-3883 Qdpm Cross-Site Scripting vulnerability in Qdpm 8.3

Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a new project name on index.php/projects; (4) the task name on index.php/tasks; (5) ticket name on index.php/tickets; (6) discussion name on index.php/discussions; (7) report name on index.php/projectReports; or (8) event name on index.php/scheduler/personal.

4.3
2017-03-17 CVE-2014-9853 Imagemagick
Suse
Novell
Opensuse
Opensuse Project
Canonical
Resource Management Errors vulnerability in multiple products

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

4.3
2017-03-17 CVE-2014-8703 Wondercms Cross-Site Scripting vulnerability in Wondercms 2014

Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML.

4.3
2017-03-17 CVE-2017-6966 GNU USE After Free vulnerability in GNU Binutils 2.28

readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary.

4.3
2017-03-17 CVE-2017-6965 GNU Buffer Errors vulnerability in GNU Binutils 2.28

readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.

4.3
2017-03-17 CVE-2017-6961 Apng2Gif Project Improper Input Validation vulnerability in Apng2Gif Project Apng2Gif 1.7

An issue was discovered in apng2gif 1.7.

4.3
2017-03-17 CVE-2017-6958 Mantisbt Cross-Site Scripting vulnerability in Mantisbt Source Integration

An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter.

4.3
2017-03-17 CVE-2017-0147 Microsoft Information Exposure vulnerability in Microsoft Server Message Block 1.0

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."

4.3
2017-03-17 CVE-2017-0128 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0127.

4.3
2017-03-17 CVE-2017-0127 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0126 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0125 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0124 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0123 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0122 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0121 Microsoft Information Exposure vulnerability in Microsoft products

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0120 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Uniscribe Information Disclosure Vulnerability."

4.3
2017-03-17 CVE-2017-0119 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0118 Microsoft Information Exposure vulnerability in Microsoft products

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0117 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0116 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0115 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0114 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0113 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0112 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0111 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0110 Microsoft Cross-Site Scripting vulnerability in Microsoft Exchange Server 2013

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."

4.3
2017-03-17 CVE-2017-0107 Microsoft Cross-Site Scripting vulnerability in Microsoft Sharepoint Foundation 2013

Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability."

4.3
2017-03-17 CVE-2017-0105 Microsoft Information Exposure vulnerability in Microsoft products

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

4.3
2017-03-17 CVE-2017-0092 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0091 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0085 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3
2017-03-17 CVE-2017-0073 Microsoft Information Exposure vulnerability in Microsoft products

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.

4.3
2017-03-17 CVE-2017-0069 Microsoft Improper Input Validation vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0033.

4.3
2017-03-17 CVE-2017-0068 Microsoft Information Exposure vulnerability in Microsoft Edge

Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0065.

4.3
2017-03-17 CVE-2017-0065 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0068.

4.3
2017-03-17 CVE-2017-0063 Microsoft Information Exposure vulnerability in Microsoft products

The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061.

4.3
2017-03-17 CVE-2017-0059 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.

4.3
2017-03-17 CVE-2017-0057 Microsoft Information Exposure vulnerability in Microsoft products

DNS client in Microsoft Windows 8.1; Windows Server 2012 R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 fails to properly process DNS queries, which allows remote attackers to obtain sensitive information via (1) convincing a workstation user to visit an untrusted webpage or (2) tricking a server into sending a DNS query to a malicious DNS server, aka "Windows DNS Query Information Disclosure Vulnerability."

4.3
2017-03-17 CVE-2017-0055 Microsoft Cross-Site Scripting vulnerability in Microsoft products

Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft IIS Server XSS Elevation of Privilege Vulnerability."

4.3
2017-03-17 CVE-2017-0049 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer 11

The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037.

4.3
2017-03-17 CVE-2017-0045 Microsoft Cross-Site Request Forgery (CSRF) vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability."

4.3
2017-03-17 CVE-2017-0033 Microsoft Improper Input Validation vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069.

4.3
2017-03-17 CVE-2017-0029 Microsoft Denial of Service vulnerability in Microsoft Office

Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."

4.3
2017-03-17 CVE-2017-0022 Microsoft Information Exposure vulnerability in Microsoft products

Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability."

4.3
2017-03-17 CVE-2017-0017 Microsoft Cross-Site Scripting vulnerability in Microsoft Edge

The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0065, and CVE-2017-0068.

4.3
2017-03-17 CVE-2017-0012 Microsoft Improper Input Validation vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069.

4.3
2017-03-17 CVE-2017-0011 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.

4.3
2017-03-17 CVE-2017-0009 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.

4.3
2017-03-17 CVE-2017-0008 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059.

4.3
2017-03-16 CVE-2017-5505 Jasper Project Buffer Errors vulnerability in Jasper Project Jasper 1.900.27

The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

4.3
2017-03-16 CVE-2016-10187 Calibre Ebook Permissions, Privileges, and Access Controls vulnerability in Calibre-Ebook Calibre

The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.

4.3
2017-03-16 CVE-2016-0770 Zahmit Design Cross-Site Scripting vulnerability in Zahmit Design Connections Business Directory Plugin

Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable.

4.3
2017-03-16 CVE-2016-10247 Artifex Out-Of-Bounds Write vulnerability in Artifex Mupdf 1.10

Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc.

4.3
2017-03-16 CVE-2016-10246 Artifex Out-Of-Bounds Write vulnerability in Artifex Mupdf 1.10

Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc.

4.3
2017-03-16 CVE-2017-6061 SAP Cross-Site Scripting vulnerability in SAP Businessobjects Financial Consolidation 10.0.0.1933

Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request.

4.3
2017-03-15 CVE-2017-5849 Fedoraproject
Netpbm Project
Out-Of-Bounds Read vulnerability in multiple products

tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.

4.3
2017-03-15 CVE-2015-8898 Imagemagick Null Pointer Dereference vulnerability in Imagemagick

The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.

4.3
2017-03-15 CVE-2015-8897 Imagemagick Out-Of-Bounds Read vulnerability in Imagemagick

The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.

4.3
2017-03-15 CVE-2015-8896 Imagemagick Numeric Errors vulnerability in Imagemagick

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.

4.3
2017-03-15 CVE-2015-8894 Imagemagick Double Free vulnerability in Imagemagick

Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.

4.3
2017-03-15 CVE-2017-6918 Bigtreecms Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.2.16

CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page.

4.3
2017-03-15 CVE-2017-6917 Bigtreecms Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.2.16

CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page.

4.3
2017-03-15 CVE-2017-6916 Bigtreecms Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.1.8

CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page.

4.3
2017-03-15 CVE-2017-6915 Bigtreecms Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.1.8

CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page.

4.3
2017-03-15 CVE-2016-7103 Jquery
Oracle
Fedoraproject
Netapp
Redhat
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

4.3
2017-03-15 CVE-2017-6443 Epson Cross-Site Scripting vulnerability in Epson Tmnet Webconfig 1.00

Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.

4.3
2017-03-15 CVE-2017-6430 Ettercap Project Out-Of-Bounds Read vulnerability in Ettercap-Project Ettercap

The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter.

4.3
2017-03-15 CVE-2016-10167 Libgd Improper Input Validation vulnerability in Libgd

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

4.3
2017-03-15 CVE-2017-6851 Jasper Project Out-Of-Bounds Read vulnerability in Jasper Project Jasper

The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.

4.3
2017-03-15 CVE-2017-6850 Jasper Project Null Pointer Dereference vulnerability in Jasper Project Jasper

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

4.3
2017-03-15 CVE-2017-6849 Podofo Project Null Pointer Dereference vulnerability in Podofo Project Podofo 0.9.4

The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

4.3
2017-03-15 CVE-2017-6848 Podofo Project Null Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5

The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

4.3
2017-03-15 CVE-2017-6847 Podofo Project Null Pointer Dereference vulnerability in Podofo Project Podofo 0.9.4

The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

4.3
2017-03-15 CVE-2017-6846 Podofo Project Null Pointer Dereference vulnerability in Podofo Project Podofo 0.9.4

The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

4.3
2017-03-15 CVE-2017-6845 Podofo Project Null Pointer Dereference vulnerability in Podofo Project Podofo 0.9.4

The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

4.3
2017-03-15 CVE-2017-6842 Podofo Project Null Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5

The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

4.3
2017-03-15 CVE-2017-6841 Podofo Project Null Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5

The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

4.3
2017-03-15 CVE-2017-6840 Podofo Project Out-Of-Bounds Read vulnerability in Podofo Project Podofo 0.9.5

The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.

4.3
2017-03-15 CVE-2017-5938 Debian
Opensuse
Opensuse Project
Viewvc
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

4.3
2017-03-15 CVE-2016-6906 Libgd Out-Of-Bounds Read vulnerability in Libgd

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.

4.3
2017-03-15 CVE-2017-6909 Shishnet Cross-Site Scripting vulnerability in Shishnet Shimmie

An issue was discovered in Shimmie <= 2.5.1.

4.3
2017-03-15 CVE-2017-6908 Concrete5 Cross-Site Scripting vulnerability in Concrete5

An issue was discovered in concrete5 <= 5.6.3.4.

4.3
2017-03-15 CVE-2017-6907 Open GL Project Cross-Site Scripting vulnerability in Open.Gl Project Open.Gl 20170212

An issue was discovered in Open.GL before 2017-03-13.

4.3
2017-03-15 CVE-2017-6906 Siberiancms Cross-Site Scripting vulnerability in Siberiancms

An issue was discovered in SiberianCMS before 4.10.0.

4.3
2017-03-15 CVE-2017-6905 Concrete5 Cross-Site Scripting vulnerability in Concrete5

An issue was discovered in concrete5 <= 5.6.3.4.

4.3
2017-03-14 CVE-2016-8019 Mcafee Cross-Site Scripting vulnerability in Mcafee Virusscan Enterprise

Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.

4.3
2017-03-14 CVE-2016-8011 Intel Security Mcafee Cross-Site Scripting vulnerability in Intel Security Mcafee Endpoint Security web Control

Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site.

4.3
2017-03-14 CVE-2015-8986 Mcafee 7PK - Security Features vulnerability in Mcafee Advanced Threat Defense 3.4.2.32

Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware.

4.3
2017-03-14 CVE-2014-9920 Mcafee Improper Access Control vulnerability in Mcafee Application Control

Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.

4.3
2017-03-14 CVE-2017-6335 Graphicsmagick Out-Of-Bounds Read vulnerability in Graphicsmagick

The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.

4.3
2017-03-14 CVE-2016-10172 Wavpack Project Out-Of-Bounds Read vulnerability in Wavpack Project Wavpack

The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.

4.3
2017-03-14 CVE-2016-10171 Wavpack Project Out-Of-Bounds Read vulnerability in Wavpack Project Wavpack

The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.

4.3
2017-03-14 CVE-2016-10170 Wavpack Project Out-Of-Bounds Read vulnerability in Wavpack Project Wavpack

The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.

4.3
2017-03-14 CVE-2016-10169 Wavpack Project Out-Of-Bounds Read vulnerability in Wavpack Project Wavpack

The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.

4.3
2017-03-14 CVE-2017-6877 Lutim Project Cross-Site Scripting vulnerability in Lutim Project Lutim

Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim 0.7.1 and earlier allows remote attackers to inject arbitrary web script.

4.3
2017-03-13 CVE-2014-3926 LG Project Cross-Site Scripting vulnerability in LG Project LG

Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter.

4.3
2017-03-13 CVE-2017-6807 Uninett Cross-Site Scripting vulnerability in Uninett MOD Auth Mellon

mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.

4.3
2017-03-13 CVE-2015-6671 EDX Information Exposure vulnerability in EDX Edx-Platform

Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup.

4.3
2017-03-13 CVE-2017-5621 Zammad Cross-Site Scripting vulnerability in Zammad

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1.

4.3
2017-03-13 CVE-2017-5620 Zammad Cross-Site Scripting vulnerability in Zammad

An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1.

4.3
2017-03-17 CVE-2017-3871 Cisco Information Exposure vulnerability in Cisco Prime Optical 10.6(0.1)

A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device.

4.0
2017-03-17 CVE-2017-3811 Cisco XXE vulnerability in Cisco Webex Meetings Server 2.6

An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system.

4.0
2017-03-17 CVE-2014-8707 Pluck CMS Cross-Site Scripting vulnerability in Pluck-Cms Pluck 4.7.2

Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option.

4.0
2017-03-17 CVE-2017-6954 Buddypress Improper Privilege Management vulnerability in Buddypress

An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress.

4.0
2017-03-17 CVE-2017-0140 Microsoft Security Bypass vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.

4.0
2017-03-17 CVE-2017-0135 Microsoft Unspecified vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.

4.0
2017-03-17 CVE-2017-0066 Microsoft Security Bypass vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140.

4.0
2017-03-15 CVE-2017-5583 Paloaltonetworks Information Exposure vulnerability in Paloaltonetworks Pan-Os

The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors.

4.0
2017-03-14 CVE-2017-3899 Mcafee SQL Injection vulnerability in Mcafee Advanced Threat Defense 3.4.2.32/3.4.4.14/3.4.4.142

SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter.

4.0
2017-03-14 CVE-2016-8017 Mcafee Improper Input Validation vulnerability in Mcafee Virusscan Enterprise

Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.

4.0
2017-03-14 CVE-2016-8005 Mcafee Permissions, Privileges, and Access Controls vulnerability in Mcafee Email Gateway

File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension.

4.0
2017-03-14 CVE-2015-8989 Mcafee Cryptographic Issues vulnerability in Mcafee vulnerability Manager 7.0.11/7.5.4/7.5.5

Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database.

4.0

38 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-17 CVE-2017-3874 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2)

A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack.

3.5
2017-03-15 CVE-2017-5584 Paloaltonetworks Cross-Site Scripting vulnerability in Paloaltonetworks Pan-Os

Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2017-03-14 CVE-2016-8021 Mcafee Improper Verification of Cryptographic Signature vulnerability in Mcafee Virusscan Enterprise

Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.

3.5
2017-03-14 CVE-2016-8016 Mcafee Information Exposure vulnerability in Mcafee Virusscan Enterprise

Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter.

3.5
2017-03-14 CVE-2015-8987 Mcafee Improper Access Control vulnerability in Mcafee Agent

Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server.

3.5
2017-03-14 CVE-2016-8007 Mcafee Improper Access Control vulnerability in Mcafee Host Intrusion Prevention Services

Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions.

3.0
2017-03-17 CVE-2017-0098 Microsoft Improper Input Validation vulnerability in Microsoft Windows 10 and Windows Server 2016

Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099.

2.9
2017-03-17 CVE-2017-0076 Microsoft Improper Input Validation vulnerability in Microsoft products

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0097, and CVE-2017-0099.

2.9
2017-03-17 CVE-2017-0051 Microsoft Remote Denial of Service vulnerability in Microsoft Windows Hyper-V

Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, and CVE-2017-0099.

2.9
2017-03-17 CVE-2017-0043 Microsoft Information Exposure vulnerability in Microsoft products

Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Federation Services Information Disclosure Vulnerability."

2.9
2017-03-17 CVE-2017-0061 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0063.

2.6
2017-03-17 CVE-2017-0042 Microsoft Information Exposure vulnerability in Microsoft products

Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "Windows Media Player Information Disclosure Vulnerability."

2.6
2017-03-17 CVE-2017-0027 Microsoft Information Exposure vulnerability in Microsoft Excel, Office Compatibility Pack and Sharepoint Server

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

2.6
2017-03-14 CVE-2017-6883 Foxitsoftware
Microsoft
Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image.

2.6
2017-03-17 CVE-2017-0099 Microsoft Improper Input Validation vulnerability in Microsoft products

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0097.

2.3
2017-03-17 CVE-2017-0097 Microsoft Improper Input Validation vulnerability in Microsoft products

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0099.

2.3
2017-03-17 CVE-2017-0096 Microsoft Information Exposure vulnerability in Microsoft products

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."

2.3
2017-03-17 CVE-2017-0074 Microsoft Improper Input Validation vulnerability in Microsoft products

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099.

2.3
2017-03-17 CVE-2017-0007 Microsoft Improper Input Validation vulnerability in Microsoft Windows 10 and Windows Server 2016

Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability."

2.1
2017-03-16 CVE-2017-5667 Qemu
Debian
Out-Of-Bounds Read vulnerability in multiple products

The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.

2.1
2017-03-15 CVE-2017-5937 Virglrenderer Project Null Pointer Dereference vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0

The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command.

2.1
2017-03-15 CVE-2017-5898 Qemu
Suse
Integer Overflow OR Wraparound vulnerability in multiple products

Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.

2.1
2017-03-15 CVE-2017-5580 Virglrenderer Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0

The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction.

2.1
2017-03-15 CVE-2017-6505 Qemu Infinite Loop vulnerability in Qemu

The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.

2.1
2017-03-15 CVE-2017-6210 Virglrenderer Project Null Pointer Dereference vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0

The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero).

2.1
2017-03-15 CVE-2017-6209 Virglrenderer Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0

Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties.

2.1
2017-03-15 CVE-2017-5994 Virglrenderer Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0

Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter.

2.1
2017-03-14 CVE-2013-7461 Mcafee Improper Access Control vulnerability in Mcafee Application Control and Change Control

A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions.

2.1
2017-03-14 CVE-2013-7460 Mcafee Improper Access Control vulnerability in Mcafee Application Control and Change Control

A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via specific conditions.

2.1
2017-03-14 CVE-2017-5985 Linuxcontainers Missing Authorization vulnerability in Linuxcontainers LXC

lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.

2.1
2017-03-14 CVE-2017-5957 Qemu
Virglrenderer Project
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.

2.1
2017-03-17 CVE-2017-0062 Microsoft Information Exposure vulnerability in Microsoft products

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0073.

1.9
2017-03-17 CVE-2017-0060 Microsoft Information Exposure vulnerability in Microsoft products

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.

1.9
2017-03-15 CVE-2017-6440 Libplist Project Improper Input Validation vulnerability in Libplist Project Libplist 1.12

The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file.

1.9
2017-03-15 CVE-2017-6439 Libplist Project Out-Of-Bounds Write vulnerability in Libplist Project Libplist 1.12

Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist file.

1.9
2017-03-15 CVE-2017-6437 Libplist Project Out-Of-Bounds Read vulnerability in Libplist Project Libplist 1.12

The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file.

1.9
2017-03-15 CVE-2017-6436 Libplist Project Improper Input Validation vulnerability in Libplist Project Libplist 1.12

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file.

1.9
2017-03-15 CVE-2017-6435 Libplist Project Buffer Errors vulnerability in Libplist Project Libplist 1.12

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file.

1.9