CVE-2017-7231 CVSS:0.0
pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file. This issue affects the 'process()' function of the 'pngdefry.c' source file. (Last Update:2017-03-22) (Publish Update:2017-03-22)
CVE-2017-7230 CVSS:0.0
A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request. (Last Update:2017-03-22) (Publish Update:2017-03-22)
CVE-2017-7227 CVSS:0.0
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. (Last Update:2017-03-22) (Publish Update:2017-03-22)
CVE-2017-7226 CVSS:0.0
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. (Last Update:2017-03-22) (Publish Update:2017-03-22)
CVE-2017-7225 CVSS:0.0
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. (Last Update:2017-03-22) (Publish Update:2017-03-22)
CVE-2017-7224 CVSS:0.0
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash. (Last Update:2017-03-22) (Publish Update:2017-03-22)
CVE-2017-7223 CVSS:0.0
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. (Last Update:2017-03-22) (Publish Update:2017-03-22)
CVE-2017-7222 CVSS:0.0
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php). (Last Update:2017-03-22) (Publish Update:2017-03-22)
CVE-2017-6972 CVSS:0.0
Unspecified vulnerability in AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 has unknown impact and attack vectors, aka AlienVault ID ENG-104945. This is different from CVE-2017-6970 and CVE-2017-6971, and less directly relevant. (Additional details are expected to be released in a new public reference.) (Last Update:2017-03-22) (Publish Update:2017-03-22)
CVE-2017-6971 CVSS:0.0
AlienVault USM and OSSIM before 5.3.5 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. NOTE: the AlienVault vendor statement of affected versions is disputed by another party. (Last Update:2017-03-22) (Publish Update:2017-03-22)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com