Weekly Vulnerabilities Reports > March 20 to 26, 2017

Overview

276 new vulnerabilities reported during this period, including 17 critical vulnerabilities and 49 high severity vulnerabilities. This weekly summary report vulnerabilities in 205 products from 100 vendors including Imagemagick, Opensuse, Jasper Project, GNU, and Canonical. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Out-of-bounds Read", and "Information Exposure".

  • 245 reported vulnerabilities are remotely exploitables.
  • 20 reported vulnerabilities have public exploit available.
  • 56 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 247 reported vulnerabilities are exploitable by an anonymous user.
  • Imagemagick has the most reported vulnerabilities, with 44 reported vulnerabilities.
  • Qnap has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-24 CVE-2016-6206 Huawei Improper Input Validation vulnerability in Huawei Ar3200 Firmware

Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet.

10.0
2017-03-24 CVE-2015-8556 Qemu Race Condition vulnerability in Qemu

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

10.0
2017-03-23 CVE-2017-6517 Microsoft Uncontrolled Search Path Element vulnerability in Microsoft Skype 7.16.0.102

Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.

10.0
2017-03-23 CVE-2015-0855 Pitivi Code Injection vulnerability in Pitivi

The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path.

10.0
2017-03-23 CVE-2014-8731 Phpmemcachedadmin Project Deserialization of Untrusted Data vulnerability in PHPmemcachedadmin Project PHPmemcachedadmin 1.2.2

PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot.

10.0
2017-03-23 CVE-2014-7279 Kankunit Permissions, Privileges, and Access Controls vulnerability in Kankunit Konke Smart Plug Firmware K

The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.

10.0
2017-03-23 CVE-2017-6361 Qnap OS Command Injection vulnerability in Qnap QTS

QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.

10.0
2017-03-23 CVE-2017-6360 Qnap OS Command Injection vulnerability in Qnap QTS

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.

10.0
2017-03-23 CVE-2017-6359 Qnap OS Command Injection vulnerability in Qnap QTS

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.

10.0
2017-03-23 CVE-2017-5538 Samsung Out-Of-Bounds Read vulnerability in Samsung Mobile 6.0/7.0

The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362.

10.0
2017-03-22 CVE-2017-6972 Alienvault
Nfsen
Improper Check FOR Dropped Privileges vulnerability in multiple products

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.

10.0
2017-03-22 CVE-2017-3853 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOX 1.1.0/1.1(0)

A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device.

10.0
2017-03-26 CVE-2016-10273 Jensen OF Scandinavia AS Buffer Errors vulnerability in Jensen of Scandinavia AS products

Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev.

9.0
2017-03-23 CVE-2016-1597 Netiq Permissions, Privileges, and Access Controls vulnerability in Netiq Access Governance Suite

A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator.

9.0
2017-03-22 CVE-2017-3858 Cisco Improper Input Validation vulnerability in Cisco IOS XE 16.2/16.2.1

A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.

9.0
2017-03-22 CVE-2017-6971 Alienvault
Nfsen
Injection vulnerability in multiple products

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.

9.0
2017-03-20 CVE-2016-4929 Juniper Command Injection vulnerability in Juniper Junos Space 15.1/15.2

Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.

9.0

49 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-24 CVE-2017-5507 Imagemagick
Debian
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.

7.8
2017-03-24 CVE-2016-10146 Imagemagick Resource Management Errors vulnerability in Imagemagick

Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

7.8
2017-03-22 CVE-2017-3864 Cisco Unspecified vulnerability in Cisco IOS and IOS XE

A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

7.8
2017-03-22 CVE-2017-3859 Cisco USE of Externally-Controlled Format String vulnerability in Cisco IOS XE

A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload.

7.8
2017-03-22 CVE-2017-3857 Cisco Resource Exhaustion vulnerability in Cisco IOS XE

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload.

7.8
2017-03-22 CVE-2017-3856 Cisco Resource Exhaustion vulnerability in Cisco IOS XE

A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload.

7.8
2017-03-20 CVE-2017-1145 IBM Improper Resource Shutdown OR Release vulnerability in IBM Websphere MQ 8.0.0.6

IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion.

7.8
2017-03-26 CVE-2017-2641 Moodle SQL Injection vulnerability in Moodle

In Moodle 2.x and 3.x, SQL injection can occur via user preferences.

7.5
2017-03-24 CVE-2017-5511 Imagemagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.

7.5
2017-03-24 CVE-2017-5337 Opensuse
GNU
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.

7.5
2017-03-24 CVE-2017-5336 Opensuse
GNU
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.

7.5
2017-03-24 CVE-2017-5334 Opensuse
GNU
Double Free vulnerability in multiple products

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.

7.5
2017-03-24 CVE-2016-10145 Imagemagick Numeric Errors vulnerability in Imagemagick

Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.

7.5
2017-03-24 CVE-2016-10144 Imagemagick Improper Access Control vulnerability in Imagemagick

coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.

7.5
2017-03-24 CVE-2016-10133 Artifex Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Artifex Mujs

Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc.

7.5
2017-03-24 CVE-2016-10128 Libgit2 Project Buffer Errors vulnerability in Libgit2 Project Libgit2 0.25.0

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.

7.5
2017-03-23 CVE-2017-6950 SAP Incorrect Permission Assignment FOR Critical Resource vulnerability in SAP GUI FOR Windows

SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.

7.5
2017-03-23 CVE-2017-6895 USB Pratirodh Project XXE vulnerability in USB Pratirodh Project USB Pratirodh

USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml.

7.5
2017-03-23 CVE-2015-4166 Cloudera KEY Management Errors vulnerability in Cloudera KEY Trustee Server

Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key.

7.5
2017-03-23 CVE-2017-5897 Linux Out-Of-Bounds Read vulnerability in Linux Kernel

The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.

7.5
2017-03-23 CVE-2016-5757 Netiq Information Exposure vulnerability in Netiq Access Manager 4.1/4.2

iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials.

7.5
2017-03-22 CVE-2017-7230 Disksorter Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Disksorter Disk Sorter

A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request.

7.5
2017-03-21 CVE-2014-9939 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Binutils

ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.

7.5
2017-03-20 CVE-2016-4926 Juniper Improper Authentication vulnerability in Juniper Junos Space 15.1/15.2

Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.

7.5
2017-03-20 CVE-2017-6550 Kinsey SQL Injection vulnerability in Kinsey Infor-Lawson

Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.

7.5
2017-03-20 CVE-2015-8954 Openinfosecfoundation Permissions, Privileges, and Access Controls vulnerability in Openinfosecfoundation Suricata

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.

7.5
2017-03-20 CVE-2014-9847 Opensuse Project
Opensuse
Canonical
Imagemagick
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.

7.5
2017-03-20 CVE-2014-9846 Suse
Opensuse
Opensuse Project
Canonical
Imagemagick
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

7.5
2017-03-20 CVE-2014-9843 Opensuse
Opensuse Project
Canonical
Imagemagick
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.

7.5
2017-03-20 CVE-2014-9841 Opensuse
Opensuse Project
Canonical
Imagemagick
7PK - Errors vulnerability in multiple products

The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."

7.5
2017-03-24 CVE-2017-5198 Solarwinds Local Privilege Escalation vulnerability in SolarWinds Log and Event Manager

SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh.

7.2
2017-03-23 CVE-2017-7199 Tenable Incorrect Permission Assignment FOR Critical Resource vulnerability in Tenable Nessus

Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode.

7.2
2017-03-23 CVE-2017-5207 Firejail Project Improper Privilege Management vulnerability in Firejail Project Firejail

Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.

7.2
2017-03-23 CVE-2016-9775 Debian
Canonical
Apache
Permissions, Privileges, and Access Controls vulnerability in multiple products

The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack.

7.2
2017-03-23 CVE-2016-9774 Debian
Canonical
Apache
Link Following vulnerability in multiple products

The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.

7.2
2017-03-23 CVE-2016-1602 Suse Code Injection vulnerability in Suse products

A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).

7.2
2017-03-21 CVE-2017-6417 Avira Uncontrolled Search Path Element vulnerability in Avira products

Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a "DoubleAgent" attack.

7.2
2017-03-21 CVE-2017-6186 Bitdefender Code Injection vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security

Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack.

7.2
2017-03-21 CVE-2017-5567 Avast Uncontrolled Search Path Element vulnerability in Avast products

Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a "DoubleAgent" attack.

7.2
2017-03-21 CVE-2017-5566 AVG Uncontrolled Search Path Element vulnerability in AVG Anti-Virus, Internet Security and Ultimate

Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG Internet Security 17.1 (and earlier), and AVG AntiVirus FREE 17.1 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any AVG process via a "DoubleAgent" attack.

7.2
2017-03-21 CVE-2017-5565 Trendmicro Uncontrolled Search Path Element vulnerability in Trendmicro products

Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack.

7.2
2017-03-20 CVE-2017-5618 GNU Incorrect Authorization vulnerability in GNU Screen

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.

7.2
2017-03-20 CVE-2017-1134 IBM Local Privilege Escalation vulnerability in IBM Tivoli System Automation for Multiplatforms

IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access.

7.2
2017-03-20 CVE-2017-7187 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.

7.2
2017-03-24 CVE-2017-5644 Apache XML Entity Expansion vulnerability in Apache POI

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

7.1
2017-03-24 CVE-2015-8678 Huawei Improper Input Validation vulnerability in Huawei Mate S Firmware and P8 Firmware

The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows remote attackers to cause a denial of service (crash) via a crafted application.

7.1
2017-03-23 CVE-2016-10058 Imagemagick Resource Exhaustion vulnerability in Imagemagick

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.

7.1
2017-03-23 CVE-2016-10047 Imagemagick Resource Exhaustion vulnerability in Imagemagick

Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.

7.1
2017-03-21 CVE-2017-3850 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

7.1

188 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-20 CVE-2016-5857 Google Permissions, Privileges, and Access Controls vulnerability in Google Android 7.0

The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.

6.9
2017-03-26 CVE-2017-7264 Artifex USE After Free vulnerability in Artifex Mupdf 1.10A

Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc.

6.8
2017-03-26 CVE-2017-7263 Potrace Project Out-Of-Bounds Read vulnerability in Potrace Project Potrace 1.14

The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image.

6.8
2017-03-24 CVE-2016-10272 Libtiff Buffer Errors vulnerability in Libtiff 4.0.7

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.

6.8
2017-03-24 CVE-2016-10271 Libtiff Buffer Errors vulnerability in Libtiff 4.0.7

tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.

6.8
2017-03-24 CVE-2016-10270 Libtiff Out-Of-Bounds Read vulnerability in Libtiff 4.0.7

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22.

6.8
2017-03-24 CVE-2016-10269 Libtiff Out-Of-Bounds Read vulnerability in Libtiff 4.0.7

LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2.

6.8
2017-03-24 CVE-2016-10268 Libtiff Integer Underflow (Wrap OR Wraparound) vulnerability in Libtiff 4.0.7

tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.

6.8
2017-03-24 CVE-2017-5510 Imagemagick
Debian
Out-Of-Bounds Write vulnerability in multiple products

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

6.8
2017-03-24 CVE-2017-5509 Imagemagick Out-Of-Bounds Write vulnerability in Imagemagick

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

6.8
2017-03-24 CVE-2017-5506 Imagemagick
Debian
Double Free vulnerability in multiple products

Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.

6.8
2017-03-23 CVE-2017-7246 Pcre Buffer Errors vulnerability in Pcre 8.40

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.

6.8
2017-03-23 CVE-2017-7245 Pcre Buffer Errors vulnerability in Pcre 8.40

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.

6.8
2017-03-23 CVE-2015-8624 Mediawiki Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.

6.8
2017-03-23 CVE-2015-8623 Mediawiki Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.

6.8
2017-03-23 CVE-2016-9387 Jasper Project Integer Overflow OR Wraparound vulnerability in Jasper Project Jasper

Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.

6.8
2017-03-23 CVE-2016-8886 Jasper Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Jasper Project Jasper

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

6.8
2017-03-23 CVE-2016-10059 Imagemagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.

6.8
2017-03-23 CVE-2016-10057 Imagemagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick

Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

6.8
2017-03-23 CVE-2016-10056 Imagemagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick

Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

6.8
2017-03-23 CVE-2016-10055 Imagemagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick

Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

6.8
2017-03-23 CVE-2016-10054 Imagemagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick

Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

6.8
2017-03-23 CVE-2016-10052 Imagemagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick

Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

6.8
2017-03-23 CVE-2016-10051 Imagemagick
Opensuse
USE After Free vulnerability in multiple products

Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

6.8
2017-03-23 CVE-2016-10050 Imagemagick
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.

6.8
2017-03-23 CVE-2016-10049 Imagemagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.

6.8
2017-03-23 CVE-2017-6191 Apng Disassembler Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apng Disassembler Project Apng Disassembler

Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename.

6.8
2017-03-23 CVE-2017-5206 Firejail Project
Linux
Security Bypass vulnerability in Firejail

Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.

6.8
2017-03-23 CVE-2016-5758 Netiq Cross-Site Request Forgery (CSRF) vulnerability in Netiq Access Manager 4.1/4.2

A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load.

6.8
2017-03-23 CVE-2017-7235 Cloudflare Scrape Project Improper Input Validation vulnerability in Cloudflare-Scrape Project Cloudflare-Scrape

An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1.

6.8
2017-03-22 CVE-2017-7231 Pngdefry Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pngdefry Project Pngdefry

pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file.

6.8
2017-03-22 CVE-2014-9835 Imagemagick Buffer Errors vulnerability in Imagemagick 6.8.99

Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.

6.8
2017-03-22 CVE-2014-9834 Imagemagick Buffer Errors vulnerability in Imagemagick 6.8.99

Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.

6.8
2017-03-22 CVE-2014-9833 Imagemagick Buffer Errors vulnerability in Imagemagick 6.8.99

Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.

6.8
2017-03-22 CVE-2014-9832 Imagemagick Buffer Errors vulnerability in Imagemagick 6.8.99

Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.

6.8
2017-03-22 CVE-2017-5874 D Link Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dir-600M Firmware

CSRF exists on D-Link DIR-600M Rev.

6.8
2017-03-21 CVE-2016-4504 Meteocontrol Cross-Site Request Forgery (CSRF) vulnerability in Meteocontrol Weblog

A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions.

6.8
2017-03-20 CVE-2016-4928 Juniper Cross-Site Request Forgery (CSRF) vulnerability in Juniper Junos Space 15.1/15.2

Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.

6.8
2017-03-20 CVE-2016-4927 Juniper Improper Input Validation vulnerability in Juniper Junos Space 15.1/15.2

Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.

6.8
2017-03-20 CVE-2016-6816 Apache Improper Input Validation vulnerability in Apache Tomcat

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters.

6.8
2017-03-20 CVE-2017-6803 Solarwinds Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds FTP Voyager 16.2.0

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml.

6.8
2017-03-20 CVE-2017-1151 IBM Remote Privilege Escalation vulnerability in IBM WebSphere Application Server

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system.

6.8
2017-03-20 CVE-2015-8983 GNU Integer Overflow OR Wraparound vulnerability in GNU Glibc

Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.

6.8
2017-03-20 CVE-2012-5361 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.

6.8
2017-03-20 CVE-2014-9938 GIT SCM Improper Encoding OR Escaping of Output vulnerability in Git-Scm GIT

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

6.8
2017-03-24 CVE-2017-6087 Eonweb Project OS Command Injection vulnerability in Eonweb Project Eonweb

EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php.

6.5
2017-03-24 CVE-2017-5869 Nuxeo Path Traversal vulnerability in Nuxeo

Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a ..

6.5
2017-03-24 CVE-2017-6369 Firebirdsql Missing Authorization vulnerability in Firebirdsql Firebird

Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.

6.5
2017-03-24 CVE-2017-5199 Solarwinds Incorrect Permission Assignment FOR Critical Resource vulnerability in Solarwinds LOG and Event Manager

The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl.

6.5
2017-03-23 CVE-2016-5750 Netiq Improper Access Control vulnerability in Netiq Access Manager 4.1/4.2

The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.

6.5
2017-03-22 CVE-2017-7226 GNU Out-Of-Bounds Read vulnerability in GNU Binutils 2.28

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings.

6.4
2017-03-21 CVE-2017-3849 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

6.1
2017-03-26 CVE-2017-7266 Netflix Open Redirect vulnerability in Netflix Security Monkey

Netflix Security Monkey before 0.8.0 has an Open Redirect.

5.8
2017-03-21 CVE-2017-7208 Libav Out-Of-Bounds Read vulnerability in Libav 9.21

The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.

5.8
2017-03-21 CVE-2017-7206 Libav Out-Of-Bounds Read vulnerability in Libav 9.21

The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.

5.8
2017-03-22 CVE-2017-3852 Cisco Improper Input Validation vulnerability in Cisco IOX 1.1.0/1.1(0)

A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device.

5.5
2017-03-26 CVE-2017-2643 Moodle Information Exposure vulnerability in Moodle 3.2.0/3.2.1

In Moodle 3.2.x, global search displays user names for unauthenticated users.

5.0
2017-03-24 CVE-2017-7243 Eclipse Null Pointer Dereference vulnerability in Eclipse Tinydtls 0.8.2

Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake.

5.0
2017-03-24 CVE-2017-7240 Miele Professional Path Traversal vulnerability in Miele Professional Pst10 Webserver

An issue was discovered on Miele Professional PST10 devices.

5.0
2017-03-24 CVE-2017-5335 Opensuse
GNU
Out-Of-Bounds Read vulnerability in multiple products

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

5.0
2017-03-24 CVE-2016-7797 Clusterlabs
Opensuse
Opensuse Project
Suse
Redhat
7PK - Security Features vulnerability in multiple products

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

5.0
2017-03-24 CVE-2016-2225 Uclibc NG Project Resource Exhaustion vulnerability in Uclibc-Ng Project Uclibc-Ng

The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet.

5.0
2017-03-24 CVE-2016-2224 Uclibc NG Project Resource Exhaustion vulnerability in Uclibc-Ng Project Uclibc-Ng

The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply.

5.0
2017-03-24 CVE-2016-10132 Artifex
Fedoraproject
Null Pointer Dereference vulnerability in multiple products

regexp.c in Artifex Software, Inc.

5.0
2017-03-24 CVE-2016-10129 Libgit2 Project Null Pointer Dereference vulnerability in Libgit2 Project Libgit2 0.25.0

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.

5.0
2017-03-24 CVE-2016-10149 Pysaml2 Project
Debian
XXE vulnerability in multiple products

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.

5.0
2017-03-23 CVE-2015-8627 Mediawiki Improper Access Control vulnerability in Mediawiki

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.

5.0
2017-03-23 CVE-2015-8626 Mediawiki Credentials Management vulnerability in Mediawiki

The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.

5.0
2017-03-23 CVE-2015-8625 Mediawiki Information Exposure vulnerability in Mediawiki

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.

5.0
2017-03-23 CVE-2015-5729 Samsung Information Exposure vulnerability in Samsung products

The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack.

5.0
2017-03-23 CVE-2016-9399 Jasper Project
Fedoraproject
Opensuse
Reachable Assertion vulnerability in multiple products

The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

5.0
2017-03-23 CVE-2016-9398 Jasper Project
Fedoraproject
Opensuse
Suse
Reachable Assertion vulnerability in multiple products

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

5.0
2017-03-23 CVE-2016-9397 Jasper Project
Fedoraproject
Reachable Assertion vulnerability in multiple products

The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

5.0
2017-03-23 CVE-2016-9396 Jasper Project Unspecified vulnerability in Jasper Project Jasper

The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.

5.0
2017-03-23 CVE-2016-9391 Jasper Project Assertion Failures Denial of Service vulnerability in JasPer

The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.

5.0
2017-03-23 CVE-2016-9389 Jasper Project Assertion Failures Denial of Service vulnerability in JasPer

The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).

5.0
2017-03-23 CVE-2016-9276 Libdwarf Project Out-Of-Bounds Read vulnerability in Libdwarf Project Libdwarf

The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).

5.0
2017-03-23 CVE-2016-9275 Libdwarf Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libdwarf Project Libdwarf

Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).

5.0
2017-03-23 CVE-2016-10048 Imagemagick
Opensuse Project
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.

5.0
2017-03-23 CVE-2017-5227 Qnap Information Exposure vulnerability in Qnap QTS

QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.

5.0
2017-03-23 CVE-2016-9167 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Edirectory

NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL.

5.0
2017-03-23 CVE-2016-5754 Netiq Information Exposure vulnerability in Netiq Access Manager 4.1/4.2

Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2.

5.0
2017-03-23 CVE-2016-5752 Netiq Information Exposure vulnerability in Netiq Access Manager 4.1/4.2

The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester.

5.0
2017-03-23 CVE-2016-5747 Novell Improper Access Control vulnerability in Novell Edirectory

A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.

5.0
2017-03-22 CVE-2017-3851 Cisco Path Traversal vulnerability in Cisco IOX 1.1.0/1.1(0)

A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device.

5.0
2017-03-22 CVE-2017-7227 GNU Buffer Errors vulnerability in GNU Binutils 2.28

GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash.

5.0
2017-03-22 CVE-2017-7225 GNU Null Pointer Dereference vulnerability in GNU Binutils 2.28

The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.

5.0
2017-03-22 CVE-2017-7223 GNU Buffer Errors vulnerability in GNU Binutils 2.28

GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.

5.0
2017-03-22 CVE-2014-9839 Imagemagick Buffer Errors vulnerability in Imagemagick 6.8.99

magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).

5.0
2017-03-21 CVE-2017-7214 Openstack Information Exposure Through LOG Files vulnerability in Openstack Nova

An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1.

5.0
2017-03-21 CVE-2017-7200 Openstack Server-Side Request Forgery (SSRF) vulnerability in Openstack Glance

An SSRF issue was discovered in OpenStack Glance before Newton.

5.0
2017-03-20 CVE-2017-6805 Mobatek Path Traversal vulnerability in Mobatek Mobaxterm 9.4

Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a ..

5.0
2017-03-20 CVE-2017-6356 Palo Alto Networks Incorrect Permission Assignment FOR Critical Resource vulnerability in Palo Alto Networks Terminal Services Agent 6.0/7.0/8.0

Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors.

5.0
2017-03-20 CVE-2017-6318 Opensuse
Sane Backends Project
Information Exposure vulnerability in multiple products

saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.

5.0
2017-03-20 CVE-2017-6058 Qemu Classic Buffer Overflow vulnerability in Qemu

Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.

5.0
2017-03-20 CVE-2016-9165 CA Information Exposure vulnerability in CA products

The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.

5.0
2017-03-20 CVE-2015-1610 Opendaylight Permissions, Privileges, and Access Controls vulnerability in Opendaylight L2Switch

hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing."

5.0
2017-03-20 CVE-2014-9851 Opensuse
Opensuse Project
Canonical
Imagemagick
Improper Input Validation vulnerability in multiple products

ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).

5.0
2017-03-20 CVE-2014-9850 Opensuse
Opensuse Project
Canonical
Imagemagick
Resource Management Errors vulnerability in multiple products

Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).

5.0
2017-03-20 CVE-2014-9849 Opensuse
Opensuse Project
Canonical
Imagemagick
Resource Exhaustion vulnerability in multiple products

The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).

5.0
2017-03-20 CVE-2014-9848 Opensuse
Opensuse Project
Canonical
Imagemagick
Resource Management Errors vulnerability in multiple products

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).

5.0
2017-03-20 CVE-2014-9842 Opensuse
Opensuse Project
Canonical
Imagemagick
Resource Exhaustion vulnerability in multiple products

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

5.0
2017-03-20 CVE-2017-7186 Pcre Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre and Pcre2

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.

5.0
2017-03-25 CVE-2017-7262 AMD Improper Input Validation vulnerability in AMD Ryzen

The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite.

4.9
2017-03-24 CVE-2017-7261 Linux Improper Input Validation vulnerability in Linux Kernel

The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.

4.9
2017-03-20 CVE-2016-10214 Virglrenderer Project Resource Management Errors vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0

Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

4.9
2017-03-22 CVE-2017-6970 Alienvault
Nfsen
OS Command Injection vulnerability in multiple products

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.

4.6
2017-03-20 CVE-2017-6178 Usbpcap Project Null Pointer Dereference vulnerability in Usbpcap Project Usbpcap 1.1.0.0

The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.

4.6
2017-03-26 CVE-2017-2645 Moodle Cross-Site Scripting vulnerability in Moodle

In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.

4.3
2017-03-26 CVE-2017-2644 Moodle Cross-Site Scripting vulnerability in Moodle

In Moodle 3.x, XSS can occur via evidence of prior learning.

4.3
2017-03-24 CVE-2016-10267 Libtiff Divide BY Zero vulnerability in Libtiff 4.0.7

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.

4.3
2017-03-24 CVE-2016-10266 Libtiff Divide BY Zero vulnerability in Libtiff 4.0.7

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.

4.3
2017-03-24 CVE-2017-5508 Imagemagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick

Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.

4.3
2017-03-24 CVE-2016-10130 Libgit2 Project Improper Access Control vulnerability in Libgit2 Project Libgit2 0.25.0

The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.

4.3
2017-03-24 CVE-2017-6507 Apparmor
Canonical
Improper Privilege Management vulnerability in multiple products

An issue was discovered in AppArmor before 2.12.

4.3
2017-03-23 CVE-2017-7251 PI Engine Cross-Site Scripting vulnerability in PI Engine PI

A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0.

4.3
2017-03-23 CVE-2017-7250 Gazelle Project Cross-Site Scripting vulnerability in Gazelle Project Gazelle

A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19.

4.3
2017-03-23 CVE-2017-7249 Gazelle Project Cross-Site Scripting vulnerability in Gazelle Project Gazelle

Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19.

4.3
2017-03-23 CVE-2017-7248 Gazelle Project Cross-Site Scripting vulnerability in Gazelle Project Gazelle

A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19.

4.3
2017-03-23 CVE-2017-7247 Gazelle Project Cross-Site Scripting vulnerability in Gazelle Project Gazelle

Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19.

4.3
2017-03-23 CVE-2017-7244 Pcre Out-Of-Bounds Read vulnerability in Pcre 8.40

The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.

4.3
2017-03-23 CVE-2015-8628 Mediawiki Information Exposure vulnerability in Mediawiki

The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.

4.3
2017-03-23 CVE-2015-8622 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')."

4.3
2017-03-23 CVE-2017-7242 Slims Cross-Site Scripting vulnerability in Slims Slims7 Cendana

Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php.

4.3
2017-03-23 CVE-2016-9557 Jasper Project Integer Overflow OR Wraparound vulnerability in Jasper Project Jasper

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

4.3
2017-03-23 CVE-2016-9556 Imagemagick
Debian
Opensuse Project
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.

4.3
2017-03-23 CVE-2016-9395 Jasper Project Improper Input Validation vulnerability in Jasper Project Jasper

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

4.3
2017-03-23 CVE-2016-9394 Jasper Project Improper Input Validation vulnerability in Jasper Project Jasper

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

4.3
2017-03-23 CVE-2016-9393 Jasper Project Denial of Service vulnerability in Jasper Project Jasper 1.900.17

The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

4.3
2017-03-23 CVE-2016-9392 Jasper Project Denial of Service vulnerability in JasPer Assertion Failure

The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

4.3
2017-03-23 CVE-2016-9390 Jasper Project Improper Input Validation vulnerability in Jasper Project Jasper

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

4.3
2017-03-23 CVE-2016-9388 Jasper Project Assertion Failures Denial of Service vulnerability in Jasper Project Jasper 1.900.14

The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

4.3
2017-03-23 CVE-2016-9266 Libming Numeric Errors vulnerability in Libming 0.4.7

listmp3.c in libming 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift.

4.3
2017-03-23 CVE-2016-9265 Libming Divide BY Zero vulnerability in Libming 0.4.7

The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.

4.3
2017-03-23 CVE-2016-9264 Libming Buffer Errors vulnerability in Libming 0.4.7

Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.

4.3
2017-03-23 CVE-2016-9262 Jasper Project Integer Overflow OR Wraparound vulnerability in Jasper Project Jasper

Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.

4.3
2017-03-23 CVE-2016-9011 Wvware Buffer Errors vulnerability in Wvware Libwmf 0.2.8.4

The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure.

4.3
2017-03-23 CVE-2016-8887 Jasper Project
Fedoraproject
Null Pointer Dereference vulnerability in multiple products

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

4.3
2017-03-23 CVE-2016-8885 Jasper Project Null Pointer Dereference vulnerability in Jasper Project Jasper

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.

4.3
2017-03-23 CVE-2016-10053 Imagemagick Divide BY Zero vulnerability in Imagemagick

The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.

4.3
2017-03-23 CVE-2016-10046 Imagemagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick

Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

4.3
2017-03-23 CVE-2014-9915 Imagemagick Numeric Errors vulnerability in Imagemagick

Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile.

4.3
2017-03-23 CVE-2016-6225 Percona
Opensuse
Fedoraproject
Inadequate Encryption Strength vulnerability in multiple products

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack.

4.3
2017-03-23 CVE-2016-10255 Elfutils Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Elfutils Project Elfutils

The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.

4.3
2017-03-23 CVE-2016-10254 Elfutils Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Elfutils Project Elfutils

The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.

4.3
2017-03-23 CVE-2016-7468 F5 Improper Access Control vulnerability in F5 products

An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic.

4.3
2017-03-23 CVE-2016-9169 Novell Cross-Site Scripting vulnerability in Novell Groupwise 2014

A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link.

4.3
2017-03-23 CVE-2016-9168 Novell Improper Input Validation vulnerability in Novell Edirectory

A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking.

4.3
2017-03-23 CVE-2016-5756 Netiq Cross-Site Scripting vulnerability in Netiq Access Manager 4.1/4.2

Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp.

4.3
2017-03-23 CVE-2016-5755 Netiq Improper Input Validation vulnerability in Netiq Access Manager 4.1/4.2

NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.

4.3
2017-03-23 CVE-2016-5751 Netiq Cross-Site Scripting vulnerability in Netiq Access Manager 4.1/4.2

An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.

4.3
2017-03-22 CVE-2017-5673 Kunena Cross-Site Scripting vulnerability in Kunena 5.0.2/5.0.3/5.0.4

In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS.

4.3
2017-03-22 CVE-2017-7224 GNU Out-Of-Bounds Write vulnerability in GNU Binutils 2.28

The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.

4.3
2017-03-22 CVE-2014-9840 Imagemagick Buffer Errors vulnerability in Imagemagick 6.8.99

ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.

4.3
2017-03-22 CVE-2014-9838 Imagemagick Unspecified vulnerability in Imagemagick 6.8.99

magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).

4.3
2017-03-22 CVE-2014-9836 Imagemagick Buffer Errors vulnerability in Imagemagick 6.8.99

ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.

4.3
2017-03-22 CVE-2017-7222 Mantisbt Cross-Site Scripting vulnerability in Mantisbt

A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration.

4.3
2017-03-21 CVE-2017-7215 Misp Project Cross-Site Scripting vulnerability in Misp Project Misp

Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML.

4.3
2017-03-21 CVE-2017-7210 GNU Buffer Errors vulnerability in GNU Binutils 2.28

objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.

4.3
2017-03-21 CVE-2017-7209 GNU Null Pointer Dereference vulnerability in GNU Binutils 2.28

The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.

4.3
2017-03-21 CVE-2017-7207 Artifex Null Pointer Dereference vulnerability in Artifex Ghostscript 9.20

The mem_get_bits_rectangle function in Artifex Software, Inc.

4.3
2017-03-21 CVE-2017-7205 Gamepanelx Cross-Site Scripting vulnerability in Gamepanelx Gamepanelx-V3 3.0.12

A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12.

4.3
2017-03-21 CVE-2017-7204 Imdbphp Project Cross-Site Scripting vulnerability in Imdbphp Project Imdbphp 5.1.1

A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1.

4.3
2017-03-21 CVE-2017-7203 Zoneminder Cross-Site Scripting vulnerability in Zoneminder 1.30.2

A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2.

4.3
2017-03-21 CVE-2017-7202 Slims Cross-Site Scripting vulnerability in Slims Slims7 Cendana

Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16.

4.3
2017-03-20 CVE-2016-4930 Juniper Cross-Site Scripting vulnerability in Juniper Junos Space 15.1/15.2

Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions.

4.3
2017-03-20 CVE-2017-6839 Audiofile Integer Overflow OR Wraparound vulnerability in Audiofile 0.3.6

Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-20 CVE-2017-6838 Audiofile Integer Overflow OR Wraparound vulnerability in Audiofile 0.3.6

Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-20 CVE-2017-6837 Audiofile Improper Input Validation vulnerability in Audiofile 0.3.6

WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.

4.3
2017-03-20 CVE-2017-6836 Audiofile
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-20 CVE-2017-6835 Audiofile Divide BY Zero vulnerability in Audiofile 0.3.6

The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.

4.3
2017-03-20 CVE-2017-6834 Audiofile
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-20 CVE-2017-6833 Audiofile Divide BY Zero vulnerability in Audiofile 0.3.6

The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.

4.3
2017-03-20 CVE-2017-6832 Audiofile
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-20 CVE-2017-6831 Audiofile
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-20 CVE-2017-6830 Audiofile Buffer Errors vulnerability in Audiofile 0.3.6

Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-20 CVE-2017-6829 Audiofile Out-Of-Bounds Read vulnerability in Audiofile 0.3.6

The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-20 CVE-2015-8985 GNU Data Processing Errors vulnerability in GNU Glibc

The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.

4.3
2017-03-20 CVE-2015-8984 GNU Out-Of-Bounds Read vulnerability in GNU Glibc

The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.

4.3
2017-03-20 CVE-2014-9845 Suse
Opensuse
Opensuse Project
Canonical
Imagemagick
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

4.3
2017-03-20 CVE-2014-9844 Suse
Opensuse
Opensuse Project
Canonical
Imagemagick
Out-Of-Bounds Read vulnerability in multiple products

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

4.3
2017-03-23 CVE-2014-0229 Cloudera
Apache
Permissions, Privileges, and Access Controls vulnerability in multiple products

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.

4.0
2017-03-23 CVE-2017-5524 Plone USE of Externally-Controlled Format String vulnerability in Plone

Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.

4.0
2017-03-23 CVE-2016-1603 Novell Information Exposure vulnerability in Novell Netiq IDM Servicenow Driver

An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users.

4.0
2017-03-20 CVE-2016-4931 Juniper XXE vulnerability in Juniper Junos Space 15.1/15.2

XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.

4.0
2017-03-20 CVE-2017-1155 IBM Information Exposure vulnerability in IBM Algo ONE 4.9.1/5.0.0/5.1.0

IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request.

4.0
2017-03-20 CVE-2016-8973 IBM Unrestricted Upload of File With Dangerous Type vulnerability in IBM Rational Rhapsody Design Manager

IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server.

4.0
2017-03-20 CVE-2016-2406 Huawei Permission Issues vulnerability in Huawei Document Security Management V100R002C03Spc005

The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button.

4.0

22 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-26 CVE-2017-5622 Oneplus Incorrect Default Permissions vulnerability in Oneplus Oxygenos

With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled.

3.6
2017-03-24 CVE-2017-7257 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter.

3.5
2017-03-24 CVE-2017-7256 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter.

3.5
2017-03-24 CVE-2017-7255 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter.

3.5
2017-03-23 CVE-2015-8687 Alcatel Lucent Cross-Site Scripting vulnerability in Alcatel-Lucent Motive Home Device Manager

Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.

3.5
2017-03-23 CVE-2015-4078 Cloudera Information Exposure vulnerability in Cloudera Manager and Navigator

Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

3.5
2017-03-23 CVE-2013-6446 Cloudera Permissions, Privileges, and Access Controls vulnerability in Cloudera CDH

The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.

3.5
2017-03-20 CVE-2017-5930 Opensuse
Postfixadmin Project
Missing Authorization vulnerability in multiple products

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.

3.5
2017-03-20 CVE-2017-1146 IBM Cross-Site Scripting vulnerability in IBM Content Navigator 2.0.3/3.0.0

IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting.

3.5
2017-03-20 CVE-2016-9696 IBM Cross-Site Scripting vulnerability in IBM Rational Rhapsody Design Manager

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection.

3.5
2017-03-20 CVE-2016-9694 IBM Cross-Site Scripting vulnerability in IBM Rational Rhapsody Design Manager

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-03-21 CVE-2016-6650 EMC Information Exposure vulnerability in EMC Recoverpoint and Recoverpoint for Virtual Machines

EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system.

2.6
2017-03-24 CVE-2016-3179 Miniupnp Project USE After Free vulnerability in Miniupnp Project Minissdpd 1.2.201309073

The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling.

2.1
2017-03-24 CVE-2016-3178 Miniupnp Project Out-Of-Bounds Read vulnerability in Miniupnp Project Minissdpd 1.2.201309073

The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value.

2.1
2017-03-23 CVE-2017-6911 USB Pratirodh Project Insecure Storage of Sensitive Information vulnerability in USB Pratirodh Project USB Pratirodh

USB Pratirodh is prone to sensitive information disclosure.

2.1
2017-03-23 CVE-2015-2263 Cloudera Permissions, Privileges, and Access Controls vulnerability in Cloudera Manager

Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process.

2.1
2017-03-23 CVE-2016-5749 Netiq XXE vulnerability in Netiq Access Manager 4.1/4.2

NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.

2.1
2017-03-23 CVE-2016-5748 Netiq XXE vulnerability in Netiq Access Manager 4.1/4.2

External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.

2.1
2017-03-20 CVE-2017-5987 Qemu
Debian
Infinite Loop vulnerability in multiple products

The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.

2.1
2017-03-20 CVE-2017-5956 Virglrenderer Project Out-Of-Bounds Read vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0

The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index.

2.1
2017-03-20 CVE-2016-9697 IBM Information Exposure vulnerability in IBM Rational Rhapsody Design Manager

An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack.

2.1
2017-03-20 CVE-2016-2981 IBM Information Exposure vulnerability in IBM Rational Collaborative Lifecycle Management

An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials.

2.1