CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2017-6180 352 CSRF 2017-03-13 2017-03-14
6.8
None Remote Medium Not required Partial Partial Partial
Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages).
352 CVE-2017-6178 476 +Priv 2017-03-20 2019-03-13
4.6
None Local Low Not required Partial Partial Partial
The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
353 CVE-2017-6104 287 2017-03-02 2019-10-03
5.0
None Remote Low Not required None Partial None
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.
354 CVE-2017-6103 79 XSS 2017-03-02 2018-05-02
4.3
None Remote Medium Not required None Partial None
Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1.
355 CVE-2017-6102 79 XSS 2017-03-02 2019-03-13
4.3
None Remote Medium Not required None Partial None
Persistent XSS in wordpress plugin rockhoist-badges v1.2.2.
356 CVE-2017-6087 78 Exec Code 2017-03-24 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php.
357 CVE-2017-6081 352 CSRF 2017-03-13 2019-03-14
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie.
358 CVE-2017-6080 352 2017-03-13 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result.
359 CVE-2017-6069 352 XSS CSRF 2017-03-27 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter.
360 CVE-2017-6068 352 XSS CSRF 2017-03-27 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.
361 CVE-2017-6067 79 XSS 2017-03-27 2020-08-25
4.3
None Remote Medium Not required None Partial None
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
362 CVE-2017-6066 352 XSS CSRF 2017-03-27 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter.
363 CVE-2017-6062 287 Bypass 2017-03-02 2019-10-25
5.0
None Remote Low Not required None Partial None
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
364 CVE-2017-6061 79 XSS 2017-03-16 2017-03-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106.
365 CVE-2017-6060 787 Overflow 2017-03-15 2022-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.
366 CVE-2017-6058 120 DoS Overflow 2017-03-20 2020-11-20
5.0
None Remote Low Not required None None Partial
Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.
367 CVE-2017-6023 119 Exec Code Overflow 2017-03-16 2021-10-28
9.0
None Remote Low Not required Partial Partial Complete
An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.
368 CVE-2017-6013 89 Sql 2017-03-27 2019-03-12
7.5
None Remote Low Not required Partial Partial Partial
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
369 CVE-2017-6006 79 XSS 2017-03-26 2017-03-28
4.3
None Remote Medium Not required None Partial None
Symphony 2.6.11 has XSS in publish/articles/new/ via the Body field.
370 CVE-2017-6003 79 XSS 2017-03-27 2019-03-12
4.3
None Remote Medium Not required None Partial None
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
371 CVE-2017-6002 352 XSS CSRF 2017-03-27 2017-03-28
6.8
None Remote Medium Not required Partial Partial Partial
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.
372 CVE-2017-5999 326 2017-03-06 2017-03-15
5.0
None Remote Low Not required Partial None None
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system.
373 CVE-2017-5995 200 +Info 2017-03-01 2021-09-10
5.0
None Remote Low Not required Partial None None
The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors.
374 CVE-2017-5994 119 DoS Overflow 2017-03-15 2017-07-11
2.1
None Local Low Not required None None Partial
Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter.
375 CVE-2017-5993 772 DoS 2017-03-15 2019-10-03
4.9
None Local Low Not required None None Complete
Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_CCMD_BLIT commands.
376 CVE-2017-5987 835 DoS 2017-03-20 2020-11-10
2.1
None Local Low Not required None None Partial
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.
377 CVE-2017-5985 862 2017-03-14 2019-10-03
2.1
None Local Low Not required None Partial None
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
378 CVE-2017-5981 617 DoS 2017-03-01 2019-10-03
4.3
None Remote Medium Not required None None Partial
seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file.
379 CVE-2017-5980 476 DoS 2017-03-01 2017-11-04
4.3
None Remote Medium Not required None None Partial
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.
380 CVE-2017-5979 476 DoS 2017-03-01 2017-11-04
4.3
None Remote Medium Not required None None Partial
The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.
381 CVE-2017-5978 125 DoS 2017-03-01 2017-11-04
4.3
None Remote Medium Not required None None Partial
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.
382 CVE-2017-5977 125 DoS 2017-03-01 2017-03-07
4.3
None Remote Medium Not required None None Partial
The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.
383 CVE-2017-5976 787 DoS Overflow 2017-03-01 2021-03-31
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
384 CVE-2017-5975 787 DoS Overflow 2017-03-01 2021-03-31
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
385 CVE-2017-5974 119 DoS Overflow 2017-03-01 2021-03-31
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
386 CVE-2017-5973 835 DoS 2017-03-27 2021-08-04
2.1
None Local Low Not required None None Partial
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
387 CVE-2017-5957 787 DoS Overflow 2017-03-14 2021-05-19
2.1
None Local Low Not required None None Partial
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.
388 CVE-2017-5956 125 DoS 2017-03-20 2017-07-11
2.1
None Local Low Not required None None Partial
The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index.
389 CVE-2017-5938 79 XSS 2017-03-15 2018-10-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
390 CVE-2017-5937 476 DoS 2017-03-15 2017-03-17
2.1
None Local Low Not required None None Partial
The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command.
391 CVE-2017-5932 20 +Priv 2017-03-27 2017-03-31
4.6
None Local Low Not required Partial Partial Partial
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
392 CVE-2017-5931 190 DoS Exec Code Overflow 2017-03-27 2020-11-16
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow.
393 CVE-2017-5930 862 2017-03-20 2020-02-26
3.5
None Remote Medium ??? None Partial None
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
394 CVE-2017-5929 502 2017-03-13 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
395 CVE-2017-5900 79 XSS 2017-03-29 2017-07-12
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm.
396 CVE-2017-5899 22 +Priv Dir. Trav. 2017-03-27 2017-03-31
6.9
None Local Medium Not required Complete Complete Complete
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
397 CVE-2017-5898 190 DoS Overflow 2017-03-15 2020-11-10
2.1
None Local Low Not required None None Partial
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
398 CVE-2017-5897 125 2017-03-23 2018-08-24
7.5
None Remote Low Not required Partial Partial Partial
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.
399 CVE-2017-5886 119 Overflow 2017-03-01 2017-03-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
400 CVE-2017-5874 352 XSS Bypass CSRF 2017-03-22 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact.
Total number of vulnerabilities : 1305   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.