CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,864 CVEs tracked; 53,333 with exploits; 4,742 exploited in wild; 1,545 CISA KEV; 3,939 Nuclei templates; 49,042 vendors; 42,726 researchers
111,268 results
CVE-2017-5566 6.7 MEDIUM EPSS 0.00
AVG Anti-virus - Uncontrolled Search Path
Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG Internet Security 17.1 (and earlier), and AVG AntiVirus FREE 17.1 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any AVG process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.
CWE-427 Mar 21, 2017
CVE-2017-5565 6.7 MEDIUM EPSS 0.00
Trendmicro Antivirus+ < 11.1.1005 - Uncontrolled Search Path
Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.
CWE-427 Mar 21, 2017
CVE-2017-3850 5.9 MEDIUM EPSS 0.00
Cisco IOS <16 - DoS
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: (1) the device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured); and (2) the device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload. Cisco Bug IDs: CSCvc42729.
CWE-20 Mar 21, 2017
CVE-2017-7210 5.5 MEDIUM EPSS 0.00
GNU Binutils <2.28 - Buffer Overflow
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
CWE-119 Mar 21, 2017
CVE-2017-7209 5.5 MEDIUM EPSS 0.00
GNU Binutils <2.28 - Program Crash
The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.
CWE-476 Mar 21, 2017
CVE-2017-7207 5.5 MEDIUM EPSS 0.01
Ghostscript 9.20 - DoS
The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.
CWE-476 Mar 21, 2017
CVE-2017-7205 6.1 MEDIUM EPSS 0.00
GamePanelX-V3 3.0.12 - XSS
A Cross-Site Scripting (XSS) vulnerability was discovered in GamePanelX-V3 3.0.12. The vulnerability exists due to insufficient filtration of user-supplied data (a) passed to the "GamePanelX-V3-master/ajax/ajax.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CWE-79 Mar 21, 2017
CVE-2017-7204 6.1 MEDIUM EPSS 0.00
imdbphp 5.1.1 - XSS
A Cross-Site Scripting (XSS) vulnerability was discovered in imdbphp 5.1.1. The vulnerability exists due to insufficient filtration of user-supplied data (name) passed to the "imdbphp-master/demo/search.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CWE-79 Mar 21, 2017
CVE-2017-7203 6.1 MEDIUM EPSS 0.00
ZoneMinder <1.30.2 - XSS
A Cross-Site Scripting (XSS) vulnerability was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CWE-79 Mar 21, 2017
CVE-2017-7202 6.1 MEDIUM EPSS 0.00
SLiMS 7 Cendana <2017-03-16 - XSS
Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and 'slims7_cendana-master/template/default-rtl/detail_template.php' URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CWE-79 Mar 21, 2017
CVE-2017-7200 5.8 MEDIUM EPSS 0.00
OpenStack Glance < Newton - SSRF
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.
CWE-918 Mar 21, 2017
CVE-2016-4931 6.5 MEDIUM EPSS 0.00
Juniper Junos Space < 15.2 - XXE
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.
CWE-611 Mar 20, 2017
CVE-2016-4930 6.1 MEDIUM EPSS 0.00
Juniper Junos Space < 15.2 - XSS
Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions.
CWE-79 Mar 20, 2017
CVE-2017-6839 5.5 MEDIUM 1 Writeup EPSS 0.04
Audio File Library <0.3.6 - DoS
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
CWE-190 Mar 20, 2017
CVE-2017-6838 5.5 MEDIUM 1 Writeup EPSS 0.06
Audio File Library <0.3.6 - DoS
Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
CWE-190 Mar 20, 2017
CVE-2017-6837 5.5 MEDIUM 1 Writeup EPSS 0.06
Audio File Library <0.3.6 - DoS
WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.
CWE-20 Mar 20, 2017
CVE-2017-6836 5.5 MEDIUM EPSS 0.05
Audio File Library <0.3.6 - Buffer Overflow
Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file.
CWE-119 Mar 20, 2017
CVE-2017-6835 5.5 MEDIUM EPSS 0.04
Audio File Library <0.3.6 - DoS
The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.
CWE-369 Mar 20, 2017
CVE-2017-6834 5.5 MEDIUM EPSS 0.07
Audio File Library <0.3.6 - Buffer Overflow
Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
CWE-119 Mar 20, 2017
CVE-2017-6833 5.5 MEDIUM EPSS 0.06
Audio File Library <0.3.6 - DoS
The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.
CWE-369 Mar 20, 2017