Security Vulnerabilities - CVEs Published In March 2017
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.
CVSS Score
8.1
EPSS Score
0.004
Published
2017-03-31
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-03-31
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-03-31
The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-03-31
An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution.
CVSS Score
7.5
EPSS Score
0.009
Published
2017-03-31
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
CVSS Score
9.8
EPSS Score
0.016
Published
2017-03-31
fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.
CVSS Score
9.8
EPSS Score
0.011
Published
2017-03-31
Snoopy allows remote attackers to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.055
Published
2017-03-31
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
CVSS Score
9.8
EPSS Score
0.027
Published
2017-03-31
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-03-31