CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1151 CVE-2016-2880 320 2017-03-01 2017-03-09
2.1
None Local Low Not required Partial None None
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.
1152 CVE-2016-2879 326 2017-03-01 2017-03-04
2.1
None Local Low Not required Partial None None
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.
1153 CVE-2016-2406 275 +Info 2017-03-20 2017-03-23
4.0
None Remote Low ??? Partial None None
The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button.
1154 CVE-2016-2379 326 2017-03-29 2017-04-10
3.3
None Local Network Low Not required Partial None None
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.
1155 CVE-2016-2225 400 DoS 2017-03-24 2017-03-27
5.0
None Remote Low Not required None None Partial
The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet.
1156 CVE-2016-2224 400 DoS 2017-03-24 2017-03-27
5.0
None Remote Low Not required None None Partial
The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply.
1157 CVE-2016-1603 200 +Info 2017-03-23 2017-03-28
4.0
None Remote Low ??? Partial None None
An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users.
1158 CVE-2016-1602 94 Exec Code 2017-03-23 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
1159 CVE-2016-1597 264 2017-03-23 2017-03-24
9.0
None Remote Low ??? Complete Complete Complete
A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator.
1160 CVE-2016-0770 79 XSS 2017-03-16 2017-03-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable.
1161 CVE-2015-8994 264 +Priv 2017-03-02 2017-03-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode ("opcode" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database.
1162 CVE-2015-8993 264 2017-03-14 2017-03-28
6.9
None Local Medium Not required Complete Complete Complete
Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
1163 CVE-2015-8992 264 2017-03-14 2017-03-23
6.9
None Local Medium Not required Complete Complete Complete
Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
1164 CVE-2015-8991 264 2017-03-14 2017-03-28
6.9
None Local Medium Not required Complete Complete Complete
Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
1165 CVE-2015-8990 254 Bypass 2017-03-14 2017-03-23
5.0
None Remote Low Not required None Partial None
Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware.
1166 CVE-2015-8989 310 2017-03-14 2017-03-22
4.0
None Remote Low ??? Partial None None
Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database.
1167 CVE-2015-8988 77 Exec Code 2017-03-14 2017-03-23
6.5
None Remote Low ??? Partial Partial Partial
Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path.
1168 CVE-2015-8987 284 2017-03-14 2017-03-23
3.5
None Remote Medium ??? None Partial None
Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server.
1169 CVE-2015-8986 254 Bypass 2017-03-14 2017-03-23
4.3
None Remote Medium Not required None Partial None
Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware.
1170 CVE-2015-8985 19 DoS 2017-03-20 2020-03-31
4.3
None Remote Medium Not required None None Partial
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
1171 CVE-2015-8984 125 DoS 2017-03-20 2017-03-22
4.3
None Remote Medium Not required None None Partial
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.
1172 CVE-2015-8983 190 DoS Exec Code Overflow 2017-03-20 2017-03-22
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.
1173 CVE-2015-8982 190 DoS Exec Code Overflow 2017-03-15 2021-06-29
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
1174 CVE-2015-8981 119 Overflow 2017-03-16 2017-03-21
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.
1175 CVE-2015-8954 264 Bypass 2017-03-20 2017-03-24
7.5
None Remote Low Not required Partial Partial Partial
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.
1176 CVE-2015-8898 476 DoS 2017-03-15 2018-05-18
4.3
None Remote Medium Not required None None Partial
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
1177 CVE-2015-8897 125 DoS 2017-03-15 2018-05-18
4.3
None Remote Medium Not required None None Partial
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.
1178 CVE-2015-8896 DoS 2017-03-15 2021-04-28
4.3
None Remote Medium Not required None None Partial
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
1179 CVE-2015-8895 190 DoS Overflow 2017-03-15 2018-05-18
5.0
None Remote Low Not required None None Partial
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
1180 CVE-2015-8894 415 DoS 2017-03-15 2017-03-17
4.3
None Remote Medium Not required None None Partial
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.
1181 CVE-2015-8815 79 XSS 2017-03-03 2017-03-07
5.0
None Remote Low Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.
1182 CVE-2015-8814 352 Bypass CSRF 2017-03-03 2017-03-07
6.8
None Remote Medium Not required Partial Partial Partial
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.
1183 CVE-2015-8813 918 2017-03-03 2017-03-07
4.3
None Remote Medium Not required None Partial None
The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
1184 CVE-2015-8764 119 Overflow 2017-03-27 2017-03-30
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
1185 CVE-2015-8763 125 2017-03-27 2017-03-30
6.8
None Remote Medium Not required Partial Partial Partial
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
1186 CVE-2015-8762 476 DoS 2017-03-27 2017-03-30
4.3
None Remote Medium Not required None None Partial
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
1187 CVE-2015-8687 79 XSS 2017-03-23 2017-03-28
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.
1188 CVE-2015-8678 20 DoS 2017-03-24 2017-03-27
7.1
None Remote Medium Not required None None Complete
The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows remote attackers to cause a denial of service (crash) via a crafted application.
1189 CVE-2015-8628 200 +Info 2017-03-23 2017-03-28
4.3
None Remote Medium Not required Partial None None
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.
1190 CVE-2015-8627 284 Bypass 2017-03-23 2017-03-27
5.0
None Remote Low Not required None Partial None
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.
1191 CVE-2015-8626 255 2017-03-23 2017-03-27
5.0
None Remote Low Not required Partial None None
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.
1192 CVE-2015-8625 200 +Info 2017-03-23 2017-03-27
5.0
None Remote Low Not required Partial None None
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.
1193 CVE-2015-8624 352 Bypass CSRF 2017-03-23 2017-03-27
6.8
None Remote Medium Not required Partial Partial Partial
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.
1194 CVE-2015-8623 352 Bypass CSRF 2017-03-23 2017-03-27
6.8
None Remote Medium Not required Partial Partial Partial
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.
1195 CVE-2015-8622 79 XSS 2017-03-23 2017-03-27
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')."
1196 CVE-2015-8556 362 2017-03-24 2017-03-27
10.0
None Remote Low Not required Complete Complete Complete
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
1197 CVE-2015-8310 79 XSS 2017-03-27 2017-03-30
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.
1198 CVE-2015-8309 22 Dir. Trav. 2017-03-27 2017-03-30
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
1199 CVE-2015-8234 310 Bypass 2017-03-29 2017-04-04
4.3
None Remote Medium Not required None Partial None
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
1200 CVE-2015-8026 119 DoS Exec Code Overflow 2017-03-27 2021-06-03
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem.
Total number of vulnerabilities : 1305   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 (This Page)25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.