Author: Cyberthreat Blog

CVE-2017-7312

Posted by Cyberthreat Blog | Jun 7, 2017 | CVE Notifications |

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).

CVE-2017-9470

Posted by Cyberthreat Blog | Jun 7, 2017 | CVE Notifications |

In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

CVE-2017-9472

Posted by Cyberthreat Blog | Jun 7, 2017 | CVE Notifications |

In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

CVE-2017-9474

Posted by Cyberthreat Blog | Jun 7, 2017 | CVE Notifications |

In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

CVE-2017-9473

Posted by Cyberthreat Blog | Jun 7, 2017 | CVE Notifications |

In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

1
…
27,502
27,503
27,504
…
28,062