Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2017
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-01-18
libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.
CVSS Score
9.1
EPSS Score
0.008
Published
2017-01-18
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.
CVSS Score
4.0
EPSS Score
0.102
Published
2017-01-18
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684.
CVSS Score
7.0
EPSS Score
0.0
Published
2017-01-18
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710.
CVSS Score
7.0
EPSS Score
0.0
Published
2017-01-18
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.
CVSS Score
4.0
EPSS Score
0.044
Published
2017-01-18
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-01-18
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-01-18
Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
CVSS Score
7.4
EPSS Score
0.13
Published
2017-01-18
Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message.
CVSS Score
7.5
EPSS Score
0.179
Published
2017-01-18


Contact Us

Shodan ® - All rights reserved