Security Vulnerabilities - CVEs Published In February 2017
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."
CVSS Score: 7.8; EPSS Score: 0.003; Published: 2017-02-24

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."
CVSS Score: 7.8; EPSS Score: 0.002; Published: 2017-02-24

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."
CVSS Score: 7.8; EPSS Score: 0.006; Published: 2017-02-24

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.
CVSS Score: 7.8; EPSS Score: 0.004; Published: 2017-02-24

An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.
CVSS Score: 7.8; EPSS Score: 0.003; Published: 2017-02-24

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.
CVSS Score: 7.8; EPSS Score: 0.004; Published: 2017-02-24

An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.
CVSS Score: 7.8; EPSS Score: 0.004; Published: 2017-02-24

In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.
CVSS Score: 5.5; EPSS Score: 0.002; Published: 2017-02-24

Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2017-02-24

Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2017-02-24

