Security Vulnerabilities - CVEs Published In February 2017
Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.
CVSS Score: 9.8; EPSS Score: 0.694; Published: 2017-02-22
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.
CVSS Score: 6.5; EPSS Score: 0.005; Published: 2017-02-22
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man-in-the-middle techniques.
CVSS Score: 5.9; EPSS Score: 0.002; Published: 2017-02-22
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue to deny service to other channels running under the same process. IBM Reference #: 1998649.
CVSS Score: 6.5; EPSS Score: 0.003; Published: 2017-02-22
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.
CVSS Score: 6.5; EPSS Score: 0.002; Published: 2017-02-22
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2017-02-22
The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument.
CVSS Score: 7.8; EPSS Score: 0.002; Published: 2017-02-22
Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology.
CVSS Score: 7.8; EPSS Score: 0.004; Published: 2017-02-22
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2017-02-22
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2017-02-22


Shodan ® - All rights reserved