Users login

Create an account »

JOIN XATRIX

Users login

Home » CVE vulnerabilities

CVE Vulnerabilities

CVE vulnerabilities is a database of publicly known information security vulnerabilities and exposures.
Page: 123456 out of 2740

CVE-2016-4352 | February 03, 2017
Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-3183 | February 03, 2017
The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-2318 | February 03, 2017
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-2317 | February 03, 2017
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-10165 | February 03, 2017
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-0919 | February 03, 2017
EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-0890 | February 03, 2017
EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-5600 | February 02, 2017
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-5219 | February 02, 2017
An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component file, which will be extracted to the inf directory outside of the webroot. By creating a zip file containing an empty .ecf file, to pass file-validation checks, any other file provided in zip file will be extracted onto the filesystem. In this case, a web shell with the filename '..\WWWRoot\CustomPages\aspshell.asp' was included within the zip file that, when extracted, traversed back out of the inf directory and into the SageCRM webroot. This permitted remote interaction with the underlying filesystem with the highest privilege level, SYSTEM.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-5218 | February 02, 2017
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable can be populated from the URL, and when supplied non-expected characters, can be manipulated to obtain access to the underlying database. The /CRM/CustomPages/ACCPAC/AP_DocumentUI.asp?SID=&database=1';WAITFOR DELAY '0:0:5'-- URI is a Proof of Concept.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-1093 | February 02, 2017
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6238 | February 02, 2017
The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6237 | February 02, 2017
The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6236 | February 02, 2017
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6235 | February 02, 2017
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6234 | February 02, 2017
The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6116 | February 02, 2017
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6103 | February 02, 2017
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6099 | February 02, 2017
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6095 | February 02, 2017
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-5935 | February 02, 2017
IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-1566 | February 02, 2017
Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed.
Severity: Low | Impact score: 2.90 | Exploit score: 6.80
Vendors affected: Guac-dev

CVE-2017-5630 | February 01, 2017
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-3823 | February 01, 2017
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-3792 | February 01, 2017
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675.
Severity: High | Impact score: 10.00 | Exploit score: 10.00
Vendors affected: Cisco

Page: 123456 out of 2740

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »