The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-2361 | An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the Help Viewer component, which allows XSS attacks via a crafted web site. | MEDIUM | Feb 24, 2017 |
| CVE-2017-2615 | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. | HIGH | Feb 24, 2017 |
| CVE-2017-2629 | curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server\'s certificate\'s validity in the code that checks for a test success or failure. It ends up always thinking there\'s valid proof, even when there is none or if the server doesn\'t support the TLS extension in question. This could lead to users not detecting when a server\'s certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status). | MEDIUM | Feb 24, 2017 |
| CVE-2017-2789 | When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application. | HIGH | Feb 24, 2017 |
| CVE-2017-2790 | When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application. | HIGH | Feb 24, 2017 |
| CVE-2017-2791 | JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for reading file data into. Due to this, the application will read data from the file into an invalid address thus corrupting memory. Under the right conditions, this can lead to code execution under the context of the application. | MEDIUM | Feb 24, 2017 |
| CVE-2017-3813 | A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976. | HIGH | Feb 24, 2017 |
| CVE-2017-3828 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). | MEDIUM | Feb 24, 2017 |
| CVE-2017-3829 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6). | MEDIUM | Feb 24, 2017 |
| CVE-2017-3830 | A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2. | MEDIUM | Feb 24, 2017 |
| CVE-2017-3833 | A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). | MEDIUM | Feb 24, 2017 |
| CVE-2017-3835 | A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908). | MEDIUM | Feb 24, 2017 |
| CVE-2017-3836 | A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). | MEDIUM | Feb 24, 2017 |
| CVE-2017-5144 | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication. | HIGH | Feb 24, 2017 |
| CVE-2017-5145 | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. | HIGH | Feb 24, 2017 |
| CVE-2017-5146 | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text. | MEDIUM | Feb 24, 2017 |
| CVE-2017-5168 | An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | MEDIUM | Feb 24, 2017 |
| CVE-2017-5169 | An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | MEDIUM | Feb 24, 2017 |
| CVE-2017-5669 | The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. | MEDIUM | Feb 24, 2017 |
| CVE-2017-5991 | An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6076 | In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine. | LOW | Feb 24, 2017 |
| CVE-2017-6077 | ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request. | HIGH | Feb 24, 2017 |
| CVE-2017-6100 | tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6188 | Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. | LOW | Feb 24, 2017 |
| CVE-2017-6205 | D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors. | HIGH | Feb 24, 2017 |
| CVE-2017-6206 | D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6214 | The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6298 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as 1 of 9. Null Pointer Deref / calloc return value not checked. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6299 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as 2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c.<a href=http://cwe.mitre.org/data/definitions/835.html>CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')</a> | MEDIUM | Feb 24, 2017 |
| CVE-2017-6300 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as 3 of 9. Buffer Overflow in version field in lib/tnef-types.h. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6301 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as 4 of 9. Out of Bounds Reads. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6302 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as 5 of 9. Integer Overflow. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6303 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as 6 of 9. Invalid Write and Integer Overflow. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6304 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as 7 of 9. Out of Bounds read. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6305 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as 8 of 9. Out of Bounds read and write. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6306 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as 9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6307 | An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6308 | An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6309 | An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker. | MEDIUM | Feb 24, 2017 |
| CVE-2017-6310 | An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker. | MEDIUM | Feb 24, 2017 |
| CVE-2013-7459 | Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. | High | Feb 23, 2017 |
| CVE-2014-9916 | Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php. | -- | Feb 23, 2017 |
| CVE-2015-4056 | The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access. | Low | Feb 23, 2017 |
| CVE-2015-8979 | Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242. | Medium | Feb 23, 2017 |
| CVE-2016-10227 | Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. | HIGH | Feb 23, 2017 |
| CVE-2016-1245 | It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. | HIGH | Feb 23, 2017 |
| CVE-2016-3013 | IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661. | MEDIUM | Feb 23, 2017 |
| CVE-2016-3052 | IBM WebSphere MQ 8.0, under nonstandard configurations, sends password data in cleartext over the network that could be intercepted using main in the middle techniques. IBM Reference #: 1998660. | MEDIUM | Feb 23, 2017 |
| CVE-2016-3694 | Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php. | HIGH | Feb 23, 2017 |
| CVE-2016-5726 | Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | HIGH | Feb 23, 2017 |
