Open Bugtraq


2017-02-25
Med.
2017-02-24
High
Med.
Med.
High
Low
Med.
Med.
Med.
Med.
High
Low
Med.


The latest CVEs

2017-02-24
CVE-2017-5669 Linux Linux kernel
The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.

2017-02-23
CVE-2017-6205 Dlink Websmart dgs-1510 series firmw...
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors.

CVE-2017-6206 Dlink Websmart dgs-1510 series firmw...
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.

CVE-2016-5883 IBM Inotes
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010.

CVE-2016-6055 IBM Rational requirements composer
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1995515.

CVE-2017-6214 Linux Linux kernel
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.

CVE-2017-6100 Tcpdf project Tcpdf
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.

CVE-2017-6076 Wolfssl Wolfssl
In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.

CVE-2017-6298 Ytnef project Ytnef
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."

CVE-2017-6299 Ytnef project Ytnef
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."


Dorks


2017-02-25
Med.
Habib Ullah
2017-02-24
Med.
Ihsan Sencan
Med.
Ihsan Sencan
Med.
Ihsan Sencan
Med.
Ihsan Sencan

Copyright 2017, cxsecurity.com