Security Vulnerabilities - CVEs Published In January 2017
A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. Switches in the FabricPath domain crash because of an __inst_001__isis_fabricpath hap reset when processing a crafted link-state packet. More Information: CSCvc45002. Known Affected Releases: 7.1(3)N1(2.1) 7.1(3)N1(3.12) 7.3(2)N1(0.296) 8.0(1)S2. Known Fixed Releases: 6.2(18)S11 7.0(3)I5(1.170) 7.0(3)I5(2) 7.1(4)N1(0.4) 7.1(4)N1(1b) 7.1(5)N1(0.986) 7.1(5)N1(1) 7.2(3)D1(0.8) 7.3(2)N1(0.304) 7.3(2)N1(1) 8.0(0.96)S0 8.0(1) 8.0(1)E1 8.0(1)S4 8.3(0)CV(0.788).
CVSS Score
6.1
EPSS Score
0.003
Published
2017-01-26
A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco IOS Software and Cisco IOx Software running on IR829, IR809, IE4K, and CGR1K platforms. More Information: CSCvb20897. Known Affected Releases: 1.0(0).
CVSS Score
5.3
EPSS Score
0.003
Published
2017-01-26
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-01-25
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-01-25
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.
CVSS Score
9.8
EPSS Score
0.025
Published
2017-01-25
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.
CVSS Score
8.8
EPSS Score
0.014
Published
2017-01-25
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-01-25
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.
CVSS Score
9.8
EPSS Score
0.027
Published
2017-01-25
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.
CVSS Score
9.8
EPSS Score
0.027
Published
2017-01-25
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
CVSS Score
7.5
EPSS Score
0.094
Published
2017-01-25