All Vulnerabilities

A denial-of-service vulnerability exists in PowerDNS Authoritative Server. The vulnerability is due to an error in processing queries with overly long qnames. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted DNS packet to the target application. A successful attack could lead to excessive resources being consumed, resulting in a denial of service condition.
NTP Oversized UDP Packet Denial Of Service Vulnerability (CVE-2016-9312)
 Severity:    
 Date Published:  11 Jan 2017
A denial of service vulnerability exists in the Windows port of Network Time Foundation's NTP Daemon. An attacker can exploit this vulnerability by sending a large UDP packet to the target server. Successful exploitation results in denial of service conditions on the target server.
NTP Daemon CRYPTO_NAK Denial Of Service Vulnerability (CVE-2016-4957)
 Severity:    
 Date Published:  11 Jan 2017
A denial of service vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to a null pointer dereference when handling crypto-NAK packets. A remote attacker can exploit this vulnerability by sending an unsolicited crypto-NAK packet to the target service. Successful exploitation may result in denial-of-service conditions.
A denial-of-service vulnerability has been reported in NGINX. The vulnerability is due to nginx dereferencing an invalid pointer while processing certain DNS packets. A remote attacker could exploit this vulnerability by forging UDP packets as if from a trusted DNS server. Successful exploitation attempt may result in denial-of-service condition.
A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-0003)
 Severity:    
 Date Published:  11 Jan 2017
A memory corruption vulnerability exists in Microsoft Office. An attacker who successfully exploited this vulnerability could use a specially crafted file to perform remote code execution in the security context of the current user.
Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7283)
 Severity:    
 Date Published:  11 Jan 2017
Microsoft Internet Explorer is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Microsoft Internet Explorer and Edge are prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
WordPress WP-EMail Plugin SQL Injection Vulnerability
 Severity:    
 Date Published:  11 Jan 2017
A SQL injection vulnerability has been reported in WordPress WP-EMail Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected website.
A denial-of-service vulnerability has been reported in ISC BIND9. The vulnerability is due to improper handling of packets sent to rndc control channel interface. A remote, unauthenticated attacker could exploit this vulnerabilities by sending a maliciously crafted packet to the rndc control channel interface of a target BIND server. Successful exploitation could lead to denial-of-service conditions.