Debian: >> Debian Linux >> 8.0 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-03-15
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.
CVSS Score
5.4
EPSS Score
0.024
Published
2017-03-12
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
CVSS Score
6.1
EPSS Score
0.064
Published
2017-03-12
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
CVSS Score
4.9
EPSS Score
0.026
Published
2017-03-12
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
CVSS Score
5.4
EPSS Score
0.061
Published
2017-03-12
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.008
Published
2017-03-10
An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-03-10
An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-03-10
An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.
CVSS Score
7.5
EPSS Score
0.008
Published
2017-03-10
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-03-10