

The latest CVEs

2017-02-27
CVE-2017-2683 Siemens Ruggedcom network management s...
A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.

2017-02-26
CVE-2017-0037 Microsoft EDGE
Microsoft Internet Explorer 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that oper...

2017-02-24
CVE-2017-5669 Linux Linux kernel
The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.

CVE-2016-9009 IBM Websphere mq
IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.

CVE-2016-9975 IBM Dashboard application services...
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714.

CVE-2016-2226 GNU Libiberty
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.

CVE-2016-4041 Plone Plone
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain WebDAV access via unspecified vectors.

CVE-2016-4042 Plone Plone
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.

CVE-2016-4487 GNU Libiberty
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec."

CVE-2016-4488 GNU Libiberty
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec."



Copyright 2017, cxsecurity.com