CVE List

Id CVE No. Status Description Phase Votes Comments Actions
103155  CVE-2017-6335  Candidate  The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.  Assigned (20170226)  None (candidate not yet proposed)    View
103156  CVE-2017-6336  Candidate  ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.  Assigned (20170226)  None (candidate not yet proposed)    View
103157  CVE-2017-6337  Candidate  ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.  Assigned (20170226)  None (candidate not yet proposed)    View
103158  CVE-2017-6338  Candidate  Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like "Reports Only" or "Auditor" to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.  Assigned (20170226)  None (candidate not yet proposed)    View
103159  CVE-2017-6339  Candidate  Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase.  Assigned (20170226)  None (candidate not yet proposed)    View

Page 931 of 20943, showing 5 records out of 104715 total, starting on record 4651, ending on 4655

Actions