CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2016-10227 399 DoS 2017-02-21 2017-03-29
7.8
None Remote Low Not required None None Complete
Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets.
352 CVE-2016-10224 254 2017-02-13 2021-08-31
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.
353 CVE-2016-10223 284 Exec Code 2017-02-14 2017-02-16
3.5
None Remote Medium ??? None Partial None
An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
354 CVE-2016-10216 79 Exec Code XSS 2017-02-10 2017-03-03
4.3
None Remote Medium Not required None Partial None
An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examples_support/editable_ajax.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
355 CVE-2016-10215 79 Exec Code XSS 2017-02-10 2017-03-03
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a "site/index.php/../../extensions/com.fastspot.form-builder/ajax/redraw-field.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
356 CVE-2016-10213 200 +Info 2017-02-08 2017-03-01
4.3
None Remote Medium Not required Partial None None
A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.
357 CVE-2016-10212 200 +Info 2017-02-08 2017-03-02
4.3
None Remote Medium Not required Partial None None
Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product.
358 CVE-2016-10208 125 DoS 2017-02-06 2018-08-24
4.9
None Local Low Not required None None Complete
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.
359 CVE-2016-10207 119 DoS Overflow 2017-02-28 2018-02-01
5.0
None Remote Low Not required None None Partial
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.
360 CVE-2016-10199 125 DoS 2017-02-09 2018-01-05
5.0
None Remote Low Not required None None Partial
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
361 CVE-2016-10198 125 DoS 2017-02-09 2020-05-30
4.3
None Remote Medium Not required None None Partial
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
362 CVE-2016-10192 119 Exec Code Overflow 2017-02-09 2017-02-24
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.
363 CVE-2016-10191 119 Exec Code Overflow 2017-02-09 2018-12-21
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.
364 CVE-2016-10190 119 Exec Code Overflow 2017-02-09 2018-12-21
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.
365 CVE-2016-10173 22 Dir. Trav. 2017-02-01 2017-12-09
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.
366 CVE-2016-10165 125 DoS +Info 2017-02-03 2018-10-30
5.8
None Remote Medium Not required Partial None Partial
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
367 CVE-2016-10164 119 DoS Exec Code Overflow 2017-02-01 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.
368 CVE-2016-10154 119 DoS Overflow Mem. Corr. 2017-02-06 2017-02-09
4.9
None Local Low Not required None None Complete
The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist.
369 CVE-2016-10153 399 DoS Mem. Corr. 2017-02-06 2017-02-09
7.2
None Local Low Not required Complete Complete Complete
The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code.
370 CVE-2016-10150 264 DoS +Priv 2017-02-06 2017-02-09
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.
371 CVE-2016-10134 89 Exec Code Sql 2017-02-17 2017-11-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
372 CVE-2016-10109 416 DoS 2017-02-23 2021-06-29
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.
373 CVE-2016-10098 77 Exec Code 2017-02-05 2017-02-10
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands.
374 CVE-2016-10089 264 +Priv 2017-02-15 2017-11-23
7.2
None Local Low Not required Complete Complete Complete
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
375 CVE-2016-10079 20 DoS 2017-02-01 2017-02-28
5.0
None Remote Low Not required None None Partial
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.
376 CVE-2016-10044 264 +Priv Bypass 2017-02-07 2017-07-25
7.2
None Local Low Not required Complete Complete Complete
The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.
377 CVE-2016-10029 125 DoS 2017-02-27 2020-11-09
2.1
None Local Low Not required None None Partial
The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts.
378 CVE-2016-10028 125 DoS 2017-02-27 2020-11-10
2.1
None Local Low Not required None None Partial
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.
379 CVE-2016-10026 284 2017-02-13 2017-11-04
5.0
None Remote Low Not required None Partial None
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.
380 CVE-2016-9975 352 CSRF 2017-02-24 2017-03-02
6.8
None Remote Medium Not required Partial Partial Partial
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714.
381 CVE-2016-9963 320 2017-02-01 2017-02-15
2.6
None Remote High Not required Partial None None
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
382 CVE-2016-9956 284 2017-02-22 2020-10-22
5.0
None Remote Low Not required None Partial None
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.
383 CVE-2016-9955 20 DoS 2017-02-17 2018-10-02
4.0
None Remote High Not required None Partial Partial
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.
384 CVE-2016-9910 79 XSS 2017-02-22 2017-02-23
4.3
None Remote Medium Not required None Partial None
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909.
385 CVE-2016-9909 79 XSS 2017-02-22 2017-02-23
4.3
None Remote Medium Not required None Partial None
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.
386 CVE-2016-9873 77 Exec Code 2017-02-03 2017-07-25
6.5
None Remote Low ??? Partial Partial Partial
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application.
387 CVE-2016-9872 79 XSS 2017-02-03 2017-07-25
4.3
None Remote Medium Not required None Partial None
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
388 CVE-2016-9871 264 2017-02-03 2017-03-14
9.0
None Remote Low ??? Complete Complete Complete
EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
389 CVE-2016-9831 119 Overflow 2017-02-17 2017-02-18
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.
390 CVE-2016-9829 119 Overflow 2017-02-17 2017-02-18
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.
391 CVE-2016-9828 476 DoS 2017-02-17 2017-02-18
4.3
None Remote Medium Not required None None Partial
The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file.
392 CVE-2016-9827 119 DoS Overflow 2017-02-17 2017-02-18
4.3
None Remote Medium Not required None None Partial
The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file.
393 CVE-2016-9818 284 DoS 2017-02-27 2017-07-28
4.9
None Local Low Not required None None Complete
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
394 CVE-2016-9817 284 DoS 2017-02-27 2017-07-28
4.9
None Local Low Not required None None Complete
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
395 CVE-2016-9816 284 DoS 2017-02-27 2017-07-28
4.9
None Local Low Not required None None Complete
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
396 CVE-2016-9815 284 DoS 2017-02-27 2017-07-28
4.9
None Local Low Not required None None Complete
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
397 CVE-2016-9814 399 DoS 2017-02-17 2018-03-04
8.5
None Remote Low Not required None Partial Complete
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.
398 CVE-2016-9773 119 DoS Overflow 2017-02-17 2017-02-23
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.
399 CVE-2016-9772 200 +Info 2017-02-06 2017-02-08
5.0
None Remote Low Not required Partial None None
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
400 CVE-2016-9748 200 +Info 2017-02-08 2017-02-15
4.0
None Remote Low ??? Partial None None
IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system.
Total number of vulnerabilities : 1041   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12 13 14 15 16 17 18 19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.