CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2016-8918 255 2017-02-01 2017-02-09
4.3
None Remote Medium Not required None Partial None
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.
502 CVE-2016-8915 284 2017-02-22 2017-03-02
4.0
None Remote Low ??? None None Partial
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649.
503 CVE-2016-8913 22 Dir. Trav. 2017-02-01 2017-02-07
4.0
None Remote Low ??? Partial None None
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
504 CVE-2016-8912 532 2017-02-01 2017-02-07
4.0
None Remote Low ??? Partial None None
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.
505 CVE-2016-8911 254 2017-02-01 2017-02-07
3.5
None Remote Medium ??? None Partial None
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
506 CVE-2016-8866 119 Overflow 2017-02-15 2021-04-28
6.8
None Remote Medium Not required Partial Partial Partial
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
507 CVE-2016-8862 119 Overflow 2017-02-15 2021-04-26
6.8
None Remote Medium Not required Partial Partial Partial
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
508 CVE-2016-8859 190 Overflow Mem. Corr. 2017-02-13 2020-07-27
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.
509 CVE-2016-8715 119 Exec Code Overflow 2017-02-28 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious PDF file to trigger this vulnerability.
510 CVE-2016-8713 787 Mem. Corr. 2017-02-10 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
511 CVE-2016-8711 20 Exec Code 2017-02-10 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability.
512 CVE-2016-8709 119 Overflow Mem. Corr. 2017-02-10 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
513 CVE-2016-8693 415 DoS Exec Code 2017-02-15 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
514 CVE-2016-8692 369 DoS 2017-02-15 2018-01-05
4.3
None Remote Medium Not required None None Partial
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
515 CVE-2016-8691 369 DoS 2017-02-15 2018-01-05
4.3
None Remote Medium Not required None None Partial
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
516 CVE-2016-8690 476 DoS 2017-02-15 2018-11-22
4.3
None Remote Medium Not required None None Partial
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
517 CVE-2016-8689 125 DoS 2017-02-15 2018-11-30
5.0
None Remote Low Not required None None Partial
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
518 CVE-2016-8688 125 DoS 2017-02-15 2018-11-30
4.3
None Remote Medium Not required None None Partial
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.
519 CVE-2016-8687 119 DoS Overflow 2017-02-15 2018-11-30
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
520 CVE-2016-8684 119 Overflow 2017-02-15 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
521 CVE-2016-8683 119 Overflow 2017-02-15 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
522 CVE-2016-8682 125 DoS 2017-02-15 2018-10-30
5.0
None Remote Low Not required None None Partial
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
523 CVE-2016-8681 125 DoS 2017-02-15 2020-06-11
4.3
None Remote Medium Not required None None Partial
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
524 CVE-2016-8680 125 DoS 2017-02-15 2022-03-01
4.3
None Remote Medium Not required None None Partial
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
525 CVE-2016-8679 125 DoS 2017-02-15 2022-03-01
4.3
None Remote Medium Not required None None Partial
The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
526 CVE-2016-8678 125 DoS 2017-02-15 2017-02-22
4.3
None Remote Medium Not required None None Partial
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
527 CVE-2016-8677 2017-02-15 2021-04-20
6.8
None Remote Medium Not required Partial Partial Partial
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
528 CVE-2016-8676 476 DoS 2017-02-15 2017-02-17
4.3
None Remote Medium Not required None None Partial
The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an incomplete fix for CVE-2016-8675.
529 CVE-2016-8675 476 DoS 2017-02-15 2017-02-17
4.3
None Remote Medium Not required None None Partial
The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection.
530 CVE-2016-8674 416 DoS 2017-02-15 2017-11-04
4.3
None Remote Medium Not required None None Partial
The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.
531 CVE-2016-8659 264 +Priv 2017-02-13 2017-02-16
6.9
None Local Medium Not required Complete Complete Complete
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.
532 CVE-2016-8652 20 DoS 2017-02-17 2017-02-22
4.3
None Remote Medium Not required None None Partial
The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.
533 CVE-2016-8636 190 DoS Overflow Mem. Corr. +Info 2017-02-22 2017-03-01
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology.
534 CVE-2016-8569 476 DoS 2017-02-03 2018-10-30
4.3
None Remote Medium Not required None None Partial
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
535 CVE-2016-8568 125 DoS 2017-02-03 2018-10-30
4.3
None Remote Medium Not required None None Partial
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
536 CVE-2016-8567 798 +Priv 2017-02-13 2017-02-28
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP.
537 CVE-2016-8566 255 2017-02-13 2017-02-28
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database.
538 CVE-2016-8495 200 +Info 2017-02-13 2017-07-25
5.8
None Remote Medium Not required Partial Partial None
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.
539 CVE-2016-8494 264 Exec Code 2017-02-09 2017-03-01
6.5
None Remote Low ??? Partial Partial Partial
Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme.
540 CVE-2016-8492 200 +Info 2017-02-08 2017-03-02
4.3
None Remote Medium Not required Partial None None
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.
541 CVE-2016-8491 798 2017-02-01 2017-02-24
9.4
None Remote Low Not required Complete Complete None
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
542 CVE-2016-8481 264 Exec Code 2017-02-08 2017-07-25
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000.
543 CVE-2016-8480 264 Exec Code 2017-02-08 2017-07-25
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186.
544 CVE-2016-8476 264 Exec Code 2017-02-08 2017-07-25
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940.
545 CVE-2016-8421 264 Exec Code 2017-02-08 2017-07-25
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797.
546 CVE-2016-8420 264 Exec Code 2017-02-08 2017-07-25
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807.
547 CVE-2016-8419 264 Exec Code 2017-02-08 2017-07-25
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209.
548 CVE-2016-8418 284 Exec Code 2017-02-08 2017-07-25
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457.
549 CVE-2016-8414 200 +Info 2017-02-08 2017-07-25
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407.
550 CVE-2016-8389 190 Exec Code Overflow 2017-02-28 2022-04-19
9.3
None Remote Medium Not required Complete Complete Complete
An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate through the rows and initializing the polygon shape in the buffer, it will write outside of the bounds of said buffer. This can lead to code execution under the context of the account running it.
Total number of vulnerabilities : 1041   Page : 1 2 3 4 5 6 7 8 9 10 11 (This Page)12 13 14 15 16 17 18 19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.