Monthly Archive: February 2017

EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that...

The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file. Date published : 2017-02-02 https://github.com/dropbox/lepton/issues/26 http://www.openwall.com/lists/oss-security/2016/07/17/6

The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file. Date published : 2017-02-02 https://github.com/dropbox/lepton/issues/26 http://www.openwall.com/lists/oss-security/2016/07/17/6

The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file. Date published : 2017-02-02 https://github.com/dropbox/lepton/issues/26 http://www.openwall.com/lists/oss-security/2016/07/17/6

The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file. Date published : 2017-02-02 https://github.com/dropbox/lepton/issues/26 http://www.openwall.com/lists/oss-security/2016/07/17/6

The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file. Date published : 2017-02-02 https://github.com/dropbox/lepton/issues/26 http://www.openwall.com/lists/oss-security/2016/07/17/6

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability...

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Date...

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. Date published : 2017-02-02 http://www.securityfocus.com/bid/95958 http://www.ibm.com/support/docview.wss?uid=swg21997924

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Date published : 2017-02-02 http://www.securityfocus.com/bid/95965 http://www.ibm.com/support/docview.wss?uid=swg21997802

IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information...

Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script...

The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. Date published : 2017-02-02 http://www.securityfocus.com/bid/96041 https://kb.netapp.com/support/s/article/NTAP-20170131-0001

An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a...