SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.
Monthly Archives: April 2017
CVE-2017-7879
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.
CVE-2017-7357
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.
CVE-2017-7690
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.
collectd-5.7.1-3.fc25
Fix CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions. This is a bug in the network plugin.
collectd-5.7.1-3.fc26
Fix CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions. This is a bug in the network plugin.
collectd-4.10.9-4.el6
Fix CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions. This is a bug in the network plugin.
collectd-5.6.2-1.fc24
Fix CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions. This is a bug in the network plugin.
collectd-5.7.1-2.el7
Fix CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions. This is a bug in the network plugin.
CVE-2017-1152
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.