CVE-2017-5992 (openpyxl)
Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.
Source: CVE-2017-5992 (openpyxl)
[월:] 2017년 02월
CVE-2016-8972 (aix, vios)
CVE-2016-8972 (aix, vios)
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.
Source: CVE-2016-8972 (aix, vios)
CVE-2016-8944
CVE-2016-8944
IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.
Source: CVE-2016-8944
CVE-2017-5992
CVE-2017-5992
Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.
Source: CVE-2017-5992
CVE-2017-5997
CVE-2017-5997
The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972.
Source: CVE-2017-5997
CVE-2016-8968
CVE-2016-8968
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515.
Source: CVE-2016-8968
CVE-2016-8866
CVE-2016-8866
The AcquireMagickMemory function in MagickCore/memory.c in GraphicsMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
Source: CVE-2016-8866
CVE-2016-9560
CVE-2016-9560
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
Source: CVE-2016-9560
CVE-2017-5896
CVE-2017-5896
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.
Source: CVE-2017-5896
CVE-2016-9706
CVE-2016-9706
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.
Source: CVE-2016-9706