CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2016-8008 264 2017-03-14 2017-03-27
7.2
None Local Low Not required Complete Complete Complete
Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system.
1052 CVE-2016-8007 284 Bypass 2017-03-14 2017-03-23
3.0
None Local Medium ??? None Partial Partial
Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions.
1053 CVE-2016-8005 264 2017-03-14 2017-03-30
4.0
None Remote Low ??? None Partial None
File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension.
1054 CVE-2016-7972 399 DoS 2017-03-03 2018-10-30
5.0
None Remote Low Not required None None Partial
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
1055 CVE-2016-7970 119 DoS Overflow 2017-03-03 2017-03-04
5.0
None Remote Low Not required None None Partial
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
1056 CVE-2016-7969 125 DoS 2017-03-03 2020-10-14
5.0
None Remote Low Not required None None Partial
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
1057 CVE-2016-7955 264 Exec Code Bypass +Info 2017-03-15 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header.
1058 CVE-2016-7797 254 DoS 2017-03-24 2018-10-30
5.0
None Remote Low Not required None None Partial
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
1059 CVE-2016-7789 89 Exec Code Sql 2017-03-07 2017-04-01
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter.
1060 CVE-2016-7788 89 Exec Code Sql 2017-03-07 2017-04-01
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
1061 CVE-2016-7784 89 Exec Code Sql 2017-03-07 2017-07-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
1062 CVE-2016-7783 89 Exec Code Sql 2017-03-07 2017-03-31
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
1063 CVE-2016-7782 89 Exec Code Sql 2017-03-07 2017-03-31
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter.
1064 CVE-2016-7781 89 Exec Code Sql 2017-03-07 2017-03-31
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter.
1065 CVE-2016-7780 89 Exec Code Sql 2017-03-07 2017-03-31
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
1066 CVE-2016-7542 200 +Info 2017-03-30 2017-07-28
4.0
None Remote Low ??? Partial None None
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.
1067 CVE-2016-7541 254 2017-03-30 2017-04-04
4.3
None Remote Medium Not required None Partial None
Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.
1068 CVE-2016-7474 200 +Info 2017-03-27 2019-06-06
2.1
None Local Low Not required Partial None None
In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.
1069 CVE-2016-7468 284 2017-03-23 2019-06-06
4.3
None Remote Medium Not required None None Partial
An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to non-default setting "enabled". The default value for the tm.tcpprogressive db variable is "negotiate". An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.
1070 CVE-2016-7409 200 +Info 2017-03-03 2017-03-04
2.1
None Local Low Not required Partial None None
The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident.
1071 CVE-2016-7408 284 Exec Code 2017-03-03 2017-03-04
6.5
None Remote Low ??? Partial Partial Partial
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
1072 CVE-2016-7407 20 Exec Code 2017-03-03 2017-03-04
10.0
None Remote Low Not required Complete Complete Complete
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.
1073 CVE-2016-7406 20 Exec Code 2017-03-03 2017-03-04
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
1074 CVE-2016-7145 287 2017-03-07 2017-03-08
7.5
None Remote Low Not required Partial Partial Partial
The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
1075 CVE-2016-7140 79 XSS 2017-03-07 2018-10-09
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1076 CVE-2016-7139 79 XSS 2017-03-07 2018-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
1077 CVE-2016-7138 79 XSS 2017-03-07 2018-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
1078 CVE-2016-7137 601 2017-03-07 2018-10-09
5.8
None Remote Medium Not required Partial Partial None
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.
1079 CVE-2016-7136 79 XSS 2017-03-07 2018-10-09
4.3
None Remote Medium Not required None Partial None
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
1080 CVE-2016-7135 22 Dir. Trav. 2017-03-07 2018-10-09
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.
1081 CVE-2016-7103 79 XSS 2017-03-15 2022-02-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
1082 CVE-2016-6906 125 DoS 2017-03-15 2017-11-04
4.3
None Remote Medium Not required None None Partial
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.
1083 CVE-2016-6884 125 DoS XSS 2017-03-03 2017-12-15
4.3
None Remote Medium Not required None None Partial
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.
1084 CVE-2016-6883 200 XSS +Info 2017-03-03 2017-12-15
4.3
None Remote Medium Not required Partial None None
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.
1085 CVE-2016-6882 200 XSS +Info 2017-03-03 2017-12-15
4.3
None Remote Medium Not required Partial None None
MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.
1086 CVE-2016-6846 79 XSS 2017-03-29 2017-04-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML.
1087 CVE-2016-6816 20 XSS +Info 2017-03-20 2020-10-05
6.8
None Remote Medium Not required Partial Partial Partial
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.
1088 CVE-2016-6807 284 Exec Code 2017-03-28 2017-04-04
7.5
None Remote Low Not required Partial Partial Partial
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.
1089 CVE-2016-6650 200 +Info 2017-03-21 2017-07-12
2.6
None Remote High Not required Partial None None
EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system.
1090 CVE-2016-6561 476 2017-03-31 2017-05-02
7.8
None Remote Low Not required None None Complete
illumos smbsrv NULL pointer dereference allows system crash.
1091 CVE-2016-6560 20 2017-03-31 2019-10-09
7.8
None Remote Low Not required None None Complete
illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash.
1092 CVE-2016-6522 190 DoS Overflow 2017-03-07 2017-03-09
4.9
None Local Low Not required None None Complete
Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping.
1093 CVE-2016-6485 327 2017-03-01 2018-07-10
5.0
None Remote Low Not required Partial None None
The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.
1094 CVE-2016-6350 476 DoS 2017-03-07 2017-03-09
4.9
None Local Low Not required None None Complete
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9.
1095 CVE-2016-6349 200 +Info 2017-03-29 2017-04-06
2.1
None Local Low Not required Partial None None
The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.
1096 CVE-2016-6255 284 2017-03-07 2017-11-03
5.0
None Remote Low Not required None Partial None
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
1097 CVE-2016-6247 20 DoS 2017-03-07 2017-03-09
4.9
None Local Low Not required None None Complete
OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist.
1098 CVE-2016-6246 20 DoS 2017-03-07 2017-03-09
4.9
None Local Low Not required None None Complete
OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node.
1099 CVE-2016-6245 DoS 2017-03-07 2017-03-09
4.9
None Local Low Not required None None Complete
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.
1100 CVE-2016-6244 20 DoS 2017-03-07 2017-03-08
7.8
None Remote Low Not required None None Complete
The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value.
Total number of vulnerabilities : 1305   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 (This Page)23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.