The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
Monthly Archives: March 2017
CVE-2017-6387 (radare2)
The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.
CVE-2017-6319 (radare2)
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.
DSA-3800 libquicktime – security update
Marco Romano discovered that libquicktime, a library for reading and writing QuickTime files, was vulnerable to an integer overflow attack. When opened, a specially crafted MP4 file would cause a denial of service by crashing the application.
Vuln: Libgd CVE-2016-6912 Security Bypass Vulnerability
Vuln: Linux Kernel CVE-2016-9806 Local Denial of Service Vulnerability
Vuln: Linux Kernel CVE-2017-2584 Denial of Service Vulnerability
Vuln: Linux Kernel CVE-2017-2583 Privilege Escalation Vulnerability
CVE-2016-8233
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.
CVE-2016-5932
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294.