Security Vulnerabilities - CVEs Published In March 2017
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
CVSS Score
7.8
EPSS Score
0.007
Published
2017-03-15
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
CVSS Score
9.8
EPSS Score
0.035
Published
2017-03-15
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
CVSS Score
7.5
EPSS Score
0.015
Published
2017-03-15
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
CVSS Score
7.5
EPSS Score
0.014
Published
2017-03-15
Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.
CVSS Score
9.8
EPSS Score
0.353
Published
2017-03-15
EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.
CVSS Score
7.5
EPSS Score
0.374
Published
2017-03-15
Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.
CVSS Score
9.8
EPSS Score
0.113
Published
2017-03-15
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-03-15
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-03-15
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.
CVSS Score
5.3
EPSS Score
0.005
Published
2017-03-15