All Vulnerabilities

Microsoft Office Memory Corruption Vulnerability (CVE-2017-0003)
 Severity:    
 Date Published:  11 Jan 2017
A memory corruption vulnerability exists in Microsoft Office. An attacker who successfully exploited this vulnerability could use a specially crafted file to perform remote code execution in the security context of the current user.
Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7283)
 Severity:    
 Date Published:  11 Jan 2017
Microsoft Internet Explorer is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Microsoft Internet Explorer and Edge are prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
WordPress WP-EMail Plugin SQL Injection Vulnerability
 Severity:    
 Date Published:  11 Jan 2017
A SQL injection vulnerability has been reported in WordPress WP-EMail Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected website.
A denial-of-service vulnerability has been reported in ISC BIND9. The vulnerability is due to improper handling of packets sent to rndc control channel interface. A remote, unauthenticated attacker could exploit this vulnerabilities by sending a maliciously crafted packet to the rndc control channel interface of a target BIND server. Successful exploitation could lead to denial-of-service conditions.
ISC BIND Long Name Query DOS Vulnerability (CVE-2016-2775)
 Severity:    
 Date Published:  11 Jan 2017
A denial-of-service vulnerability has been reported in ISC BIND's lwresd daemon. The vulnerability is due to failure to check the query length when using lightweight resolver protocol. A remote, unauthenticated attacker could exploit this vulnerability by providing large query name to the lightweight resolver. Successful exploitation could lead to denial-of-service conditions.
ISC BIND Assertion Failure Denial Of Service Vulnerability (CVE-2016-2848)
 Severity:    
 Date Published:  11 Jan 2017
A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to a defect that can cause the named service to exit with an assertion failure while processing DNS packet with a malformed options section. A remote, unauthenticated attacker could exploit this vulnerability by providing a specially crafted query to the vulnerable server. Successful exploitation could lead to a denial-of-service condition.
ImageMagick SGI Coder Out Of Bounds Read Vulnerability (CVE-2016-7101)
 Severity:    
 Date Published:  11 Jan 2017
An out-of-bounds read vulnerability exists in ImageMagick's SGI coder when software fails to parse the crafted image file properly.
An out-of-bound array indexing vulnerability has been reported in ImageMagick. The vulnerability is due to improper handling of certain objects in memory. A remote attacker can exploit this vulnerability by uploading a maliciously crafted file to a vulnerable web service. Successful exploitation could result in arbitrary code execution under the security context of the service using ImageMagick.
A denial-of-service vulnerability exists in libtasn1, a component of GnuTLS. The vulnerability is due to a flaw in parsing ASN.1 data that causes libtasn1 to enter an infinite loop when processing a specially crafted DER-encoded input. A remote attacker can exploit this vulnerability in GnuTLS by sending a crafted ASN.1 certificate to a target application. Successful exploitation may result in a denial-of-service condition.

Featured Stories