Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2017
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
CVSS Score
7.8
EPSS Score
0.008
Published
2017-02-15
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
CVSS Score
8.8
EPSS Score
0.008
Published
2017-02-15
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
CVSS Score
9.8
EPSS Score
0.174
Published
2017-02-15
Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.
CVSS Score
7.5
EPSS Score
0.007
Published
2017-02-15
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-02-15
The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists."
CVSS Score
7.8
EPSS Score
0.0
Published
2017-02-15
The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-02-15
The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-02-15
The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures."
CVSS Score
7.5
EPSS Score
0.018
Published
2017-02-15
Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-02-15


Contact Us

Shodan ® - All rights reserved