

The latest CVEs

2017-02-27
CVE-2017-6349 VIM VIM
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

CVE-2017-6350 VIM VIM
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

CVE-2017-2683 Siemens Ruggedcom network management s...
A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.

CVE-2016-9815 XEN XEN
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.

CVE-2016-9818 XEN XEN
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.

2017-02-26
CVE-2017-0037 Microsoft EDGE
Microsoft Internet Explorer 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that oper...

2017-02-24
CVE-2017-5669 Linux Linux kernel
The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.

CVE-2016-9009 IBM Websphere mq
IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.

CVE-2016-9975 IBM Dashboard application services...
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714.

CVE-2016-2226 GNU Libiberty
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.



Copyright 2017, cxsecurity.com