CVE-2011-4006

This is an entry in the Common Vulnerability Index under number CVE-2011-4006. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2011-4006

Description: The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence,

CVE-2017-1141

This is an entry in the Common Vulnerability Index under number CVE-2017-1141. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-1141

Description: IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907.

CVE-2016-3624

This is an entry in the Common Vulnerability Index under number CVE-2016-3624. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2016-3624

Description: The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the “-v”

CVE-2012-0976

This is an entry in the Common Vulnerability Index under number CVE-2012-0976. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2012-0976

Description: Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter.

CVE-2016-6342

This is an entry in the Common Vulnerability Index under number CVE-2016-6342. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2016-6342

Description: elog 3.1.1 allows remote attackers to post data as any username in the logbook.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.

CVE-2017-9305

This is an entry in the Common Vulnerability Index under number CVE-2017-9305. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-9305

Description: lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.

CVE-2017-17133

This is an entry in the Common Vulnerability Index under number CVE-2017-17133. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-17133

Description: Huawei VP9660 V500R002C10 has a null pointer reference vulnerability in the license module due to insufficient verification. An authenticated local attacker could place a malicious license file into the system, which causes a memory null pointer access and a related processing crash.

CVE-2017-9194

This is an entry in the Common Vulnerability Index under number CVE-2017-9194. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-9194

Description: libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.