The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- tomcat | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. | 2017-04-17 | 7.5 | CVE-2017-5651 BID CONFIRM MLIST |
apache -- traffic_server | Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | 2017-04-17 | 7.8 | CVE-2016-5396 CONFIRM |
canonical -- ubuntu_linux | The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup. | 2017-04-14 | 7.2 | CVE-2016-0727 MISC BID SECTRACK UBUNTU CONFIRM CONFIRM |
ffmpeg -- ffmpeg | FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. | 2017-04-14 | 7.5 | CVE-2017-7859 BID MISC |
ffmpeg -- ffmpeg | FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. | 2017-04-14 | 7.5 | CVE-2017-7862 BID MISC MISC |
ffmpeg -- ffmpeg | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. | 2017-04-14 | 7.5 | CVE-2017-7863 BID MISC MISC |
ffmpeg -- ffmpeg | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. | 2017-04-14 | 7.5 | CVE-2017-7865 BID MISC MISC |
ffmpeg -- ffmpeg | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. | 2017-04-14 | 7.5 | CVE-2017-7866 BID MISC MISC |
flatcore -- flatcore-cms | SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | 2017-04-14 | 7.5 | CVE-2017-7878 CONFIRM |
freetype -- freetype2 | FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. | 2017-04-14 | 7.5 | CVE-2016-10328 MISC MISC BID MISC |
freetype -- freetype2 | FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. | 2017-04-14 | 7.5 | CVE-2017-7857 MISC BID MISC |
freetype -- freetype2 | FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. | 2017-04-14 | 7.5 | CVE-2017-7858 MISC BID MISC |
freetype -- freetype2 | FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. | 2017-04-14 | 7.5 | CVE-2017-7864 MISC BID MISC |
google -- android | Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices. | 2017-04-17 | 10.0 | CVE-2016-6726 BID CONFIRM |
grpc -- grpc | Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c. | 2017-04-14 | 7.5 | CVE-2017-7860 BID MISC MISC |
grpc -- grpc | Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. | 2017-04-14 | 7.5 | CVE-2017-7861 BID MISC MISC |
ibm -- spectrum_lsf | IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. | 2017-04-14 | 7.2 | CVE-2017-1205 MISC BID |
libreoffice -- libreoffice | LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. | 2017-04-14 | 7.5 | CVE-2016-10327 BID MISC MISC |
libreoffice -- libreoffice | LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. | 2017-04-14 | 7.5 | CVE-2017-7856 BID MISC MISC |
libreoffice -- libreoffice | LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. | 2017-04-14 | 7.5 | CVE-2017-7870 BID MISC MISC |
libreoffice -- libreoffice | LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. | 2017-04-15 | 7.5 | CVE-2017-7882 BID MISC MISC |
linux -- linux_kernel | The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. | 2017-04-18 | 7.8 | CVE-2017-7645 MISC MISC |
linux -- linux_kernel | The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | 2017-04-16 | 7.2 | CVE-2017-7889 MISC MISC BID MISC |
proxifier -- proxifier_for_mac | Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program. | 2017-04-14 | 7.2 | CVE-2017-7643 FULLDISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- tomcat | A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. | 2017-04-17 | 5.0 | CVE-2017-5647 MLIST |
apache -- tomcat | While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. | 2017-04-17 | 6.4 | CVE-2017-5648 BID MLIST |
apache -- tomcat | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads. | 2017-04-17 | 5.0 | CVE-2017-5650 BID MLIST |
apache -- traffic_server | Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | 2017-04-17 | 5.0 | CVE-2017-5659 CONFIRM |
artifex -- ghostscript | The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. | 2017-04-14 | 6.8 | CVE-2016-8602 CONFIRM MLIST MLIST BID CONFIRM CONFIRM CONFIRM |
bigtreecms -- bigtree_cms | BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14. | 2017-04-15 | 6.8 | CVE-2017-7881 MISC |
bitrix_project -- bitrix | Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php. | 2017-04-14 | 6.0 | CVE-2015-8356 MISC BUGTRAQ BID MISC |
cybozu -- office | The "Project" function in Cybozu 9.0.0 through 10.4.0 allows remote authenticated users to read closed project information. | 2017-04-17 | 4.0 | CVE-2016-4867 JVN JVNDB BID CONFIRM |
cybozu -- office | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject arbitrary email headers. | 2017-04-17 | 4.3 | CVE-2016-4868 JVN JVNDB BID CONFIRM |
cybozu -- office | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain session information from users. | 2017-04-17 | 4.3 | CVE-2016-4869 JVN JVNDB BID CONFIRM |
cybozu -- office | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. | 2017-04-17 | 6.8 | CVE-2016-4871 JVN JVNDB BID CONFIRM |
cybozu -- office | The "breadcrumb trail" component in Cybozu Office 9.0.0 through 10.4.0 allows remote authenticated users to read the names of closed projects. | 2017-04-17 | 4.0 | CVE-2016-4872 JVN JVNDB BID CONFIRM |
cybozu -- office | The "Project" function in Cybozu Office 9.0.0 through 10.4.0 does not properly check access permissions, which allows remote authenticated users to alter project information. | 2017-04-17 | 4.0 | CVE-2016-4873 JVN JVNDB BID CONFIRM |
databox_project -- databox_plugin | Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-14 | 4.3 | CVE-2016-4875 JVN JVNDB BID CONFIRM CONFIRM |
flatcore -- flatcore-cms | CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. | 2017-04-14 | 6.8 | CVE-2017-7877 BID CONFIRM |
flatcore -- flatcore-cms | SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | 2017-04-14 | 5.0 | CVE-2017-7879 CONFIRM |
ibm -- cognos_business_intelligence | IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612. | 2017-04-17 | 5.0 | CVE-2016-3036 CONFIRM BID |
ibm -- financial_transaction_manager | IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293. | 2017-04-14 | 4.0 | CVE-2017-1152 CONFIRM |
ibm -- marketing_platform | IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236. | 2017-04-17 | 4.9 | CVE-2016-0228 CONFIRM BID |
ibm -- tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538. | 2017-04-14 | 6.8 | CVE-2016-8925 CONFIRM BID |
ibm -- tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539. | 2017-04-14 | 4.0 | CVE-2016-8926 CONFIRM |
imagemagick -- imagemagick | coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. | 2017-04-19 | 4.3 | CVE-2014-9907 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | 2017-04-18 | 4.3 | CVE-2017-7941 BID CONFIRM |
imagemagick -- imagemagick | The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | 2017-04-18 | 4.3 | CVE-2017-7942 BID CONFIRM |
imagemagick -- imagemagick | The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | 2017-04-18 | 4.3 | CVE-2017-7943 CONFIRM |
mantisbt -- mantisbt | MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | 2017-04-16 | 6.5 | CVE-2017-7615 MISC MISC BID CONFIRM |
mongodb -- mongodb | mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. | 2017-04-14 | 5.0 | CVE-2016-3104 BID CONFIRM CONFIRM |
moxa -- mxview | Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control. | 2017-04-14 | 5.0 | CVE-2017-7455 MISC MISC FULLDISC |
moxa -- mxview | Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials. | 2017-04-14 | 5.0 | CVE-2017-7456 MISC FULLDISC |
palo_alto_networks -- traps | Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. | 2017-04-14 | 5.0 | CVE-2017-7408 BID CONFIRM CONFIRM |
paloaltonetworks -- pan-os | The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters. | 2017-04-14 | 4.0 | CVE-2017-7217 BID CONFIRM |
paloaltonetworks -- pan-os | The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters. | 2017-04-14 | 4.6 | CVE-2017-7218 BID CONFIRM |
radare -- radare2 | The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file. | 2017-04-18 | 4.3 | CVE-2017-7946 CONFIRM CONFIRM |
sap -- netweaver | SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. | 2017-04-14 | 6.5 | CVE-2017-7717 BID MISC |
symantec -- messaging_gateway | Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. | 2017-04-14 | 4.0 | CVE-2016-5312 MISC FULLDISC BID SECTRACK CONFIRM EXPLOIT-DB |
wolfcms -- wolf_cms | Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality. | 2017-04-14 | 6.5 | CVE-2015-6567 MISC MISC MISC CONFIRM CONFIRM |
wolfcms -- wolf_cms | Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality. | 2017-04-14 | 6.5 | CVE-2015-6568 MISC MISC MISC CONFIRM CONFIRM |
zohocorp -- servicedesk_plus | ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions. | 2017-04-14 | 6.5 | CVE-2016-4889 JVN JVNDB BID |
zohocorp -- servicedesk_plus | ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie. | 2017-04-14 | 5.0 | CVE-2016-4890 JVN JVNDB BID |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cybozu -- office | Cross-site scripting (XSS) vulnerability in the "Customapp" function in Cybozu Office 9.0.0 through 10.4.0. | 2017-04-17 | 3.5 | CVE-2016-4865 JVN JVNDB BID CONFIRM |
cybozu -- office | Cross-site scripting (XSS) vulnerability in the "Project" function in Cybozu Office 9.0.0 through 10.4.0. | 2017-04-17 | 3.5 | CVE-2016-4866 JVN JVNDB BID CONFIRM |
cybozu -- office | Cross-site scripting (XSS) vulnerability in "Schedule" function in Cybozu Office 9.0.0 through 10.4.0. | 2017-04-17 | 3.5 | CVE-2016-4870 JVN JVNDB BID CONFIRM |
cybozu -- office | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. | 2017-04-17 | 3.5 | CVE-2016-4874 JVN JVNDB BID CONFIRM |
ibm -- cognos_business_intelligence | IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613. | 2017-04-17 | 3.5 | CVE-2016-3037 CONFIRM BID |
ibm -- cognos_business_intelligence | IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614. | 2017-04-17 | 3.5 | CVE-2016-3038 CONFIRM BID |
ibm -- tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540. | 2017-04-14 | 3.5 | CVE-2016-8927 CONFIRM BID |
moxa -- mx-aopc_server | XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. | 2017-04-14 | 1.9 | CVE-2017-7457 MISC FULLDISC |
zohocorp -- servicedesk_plus | Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-14 | 3.5 | CVE-2016-4888 JVN JVNDB BID |
zurmo -- zurmo_crm | Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. | 2017-04-14 | 3.5 | CVE-2017-7188 BID MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
105_bank -- 105_bank_app | The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-04-21 | not yet calculated | CVE-2016-1210 JVN JVNDB |
akerun -- smart_lock_robot_app | Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | 2017-04-21 | not yet calculated | CVE-2016-1148 JVN JVNDB CONFIRM |
apache -- batik | In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within an XML document can trivially trigger an amplification attack. | 2017-04-18 | not yet calculated | CVE-2017-5662 CONFIRM |
apache -- cxf | JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. | 2017-04-18 | not yet calculated | CVE-2017-5653 CONFIRM |
apache -- cxf | Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user. | 2017-04-18 | not yet calculated | CVE-2017-5656 CONFIRM |
apache -- fop | In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within an XML document can trivially trigger an amplification attack. | 2017-04-18 | not yet calculated | CVE-2017-5661 CONFIRM |
apache -- log4j | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 2017-04-17 | not yet calculated | CVE-2017-5645 BID CONFIRM |
apple -- operating_systems | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-20 | not yet calculated | CVE-2016-4650 BID MISC CONFIRM CONFIRM CONFIRM |
arm_holdings -- mbed_TLS | An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications. | 2017-04-20 | not yet calculated | CVE-2017-2784 MISC CONFIRM |
artifex -- artifex | Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file. | 2017-04-16 | not yet calculated | CVE-2017-7885 MISC |
artifex -- ghostscript | Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. | 2017-04-19 | not yet calculated | CVE-2017-7948 CONFIRM CONFIRM |
artifex -- jbig2dec | Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. | 2017-04-19 | not yet calculated | CVE-2017-7975 MISC |
artifex -- jbig2dec | Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory. | 2017-04-19 | not yet calculated | CVE-2017-7976 MISC |
asterisk -- asterisk | chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). | 2017-04-17 | not yet calculated | CVE-2016-7551 CONFIRM DEBIAN MISC CONFIRM MISC |
axis_communications -- network_cameras | Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. | 2017-04-17 | not yet calculated | CVE-2015-8256 MISC BID EXPLOIT-DB |
blackberry -- blackberry | The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. | 2017-04-21 | not yet calculated | CVE-2016-2433 CONFIRM |
c/c++ -- c/c++ | International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. | 2017-04-14 | not yet calculated | CVE-2017-7868 MISC BID MISC |
c/c++ -- c/c++ | International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. | 2017-04-14 | not yet calculated | CVE-2017-7867 MISC BID MISC |
cisco -- adaptive_security_appliance_software | A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information. Note: Only traffic directed to the affected device can be used to exploit this vulnerability. This vulnerability affects Cisco ASA Software configured in routed or transparent firewall mode and single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.12) 9.2(4.18) 9.4(3.12) 9.5(3.2) 9.6(2.2). Cisco Bug IDs: CSCvb40898. | 2017-04-20 | not yet calculated | CVE-2017-6607 BID CONFIRM |
cisco -- adaptive_security_appliance_software | A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition. Cisco Bug IDs: CSCvb46321. | 2017-04-20 | not yet calculated | CVE-2017-3793 BID CONFIRM |
cisco -- adaptive_security_appliance_software | A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid IKEv1 Phase 1 needs to be established to exploit this vulnerability, which means that an attacker would need to have knowledge of a pre-shared key or have a valid certificate for phase 1 authentication. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.7) 9.2(4.11) 9.4(4) 9.5(3) 9.6(1.5). Cisco Bug IDs: CSCuz11685. | 2017-04-20 | not yet calculated | CVE-2017-6610 BID CONFIRM |
cisco -- adaptive_security_appliance_software | A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is needed to exploit this vulnerability. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 8.4(7.31) 9.0(4.39) 9.1(7) 9.2(4.6) 9.3(3.8) 9.4(2) 9.5(2). Cisco Bug IDs: CSCuv48243. | 2017-04-20 | not yet calculated | CVE-2017-6608 BID CONFIRM |
cisco -- adaptive_security_appliance_software | A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. An attacker needs to establish a valid IPsec tunnel before exploiting this vulnerability. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.8) 9.2(4.15) 9.4(4) 9.5(3.2) 9.6(2). Cisco Bug IDs: CSCun16158. | 2017-04-20 | not yet calculated | CVE-2017-6609 BID CONFIRM |
cisco -- findit_network_probe_software | A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control (RBAC) for file-download requests that are sent to the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to download and view any system file by using the affected software. Cisco Bug IDs: CSCvd11628. | 2017-04-20 | not yet calculated | CVE-2017-6614 BID CONFIRM |
cisco -- firepower_system_software | A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability affects Cisco Firepower System Software that has one or more file action policies configured and is running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services; Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls; Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances; Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances; Firepower 4100 Series Security Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Series Security Appliances; FirePOWER Threat Defense for Integrated Services Routers (ISRs); Industrial Security Appliance 3000; Sourcefire 3D System Appliances; Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Fixed versions: 5.4.0.10 5.4.1.9 6.0.1.3 6.1.0 6.2.0. Cisco Bug IDs: CSCuz00876. | 2017-04-20 | not yet calculated | CVE-2016-6368 BID CONFIRM |
cisco -- integrated_management_controller | A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578. | 2017-04-20 | not yet calculated | CVE-2017-6616 BID CONFIRM |
cisco -- integrated_management_controller | A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591. | 2017-04-20 | not yet calculated | CVE-2017-6619 BID CONFIRM |
cisco -- integrated_management_controller | A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583. | 2017-04-20 | not yet calculated | CVE-2017-6617 BID CONFIRM |
cisco -- integrated_management_controller | A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system. Cisco Bug IDs: CSCvd14587. | 2017-04-20 | not yet calculated | CVE-2017-6618 BID CONFIRM |
cisco -- ios_ios_xe | Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCut47751. | 2017-04-20 | not yet calculated | CVE-2017-3861 BID CONFIRM |
cisco -- ios_ios_xe | Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCur29331. | 2017-04-20 | not yet calculated | CVE-2017-3860 BID CONFIRM |
cisco -- ios_ios_xe | Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCut50727. | 2017-04-20 | not yet calculated | CVE-2017-3863 BID CONFIRM |
cisco -- ios_ios_xe | Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCuu76493. | 2017-04-20 | not yet calculated | CVE-2017-3862 BID CONFIRM |
cisco -- ios_xe | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392. | 2017-04-20 | not yet calculated | CVE-2017-6615 BID CONFIRM |
cisco -- prime | A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCuw65830. | 2017-04-20 | not yet calculated | CVE-2017-6611 BID CONFIRM |
cisco -- prime | A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete DNS packet header validation when the packet is received by the application. An attacker could exploit this vulnerability by sending a malformed DNS packet to the application. An exploit could allow the attacker to cause the DNS process to restart, which could lead to a DoS condition. This vulnerability affects Cisco Prime Network Registrar on all software versions prior to 8.3.5. Cisco Bug IDs: CSCvb55412. | 2017-04-20 | not yet calculated | CVE-2017-6613 BID CONFIRM |
cisco -- unified_communications_manager | A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455. | 2017-04-20 | not yet calculated | CVE-2017-3808 BID CONFIRM |
cloud_foundry -- cloud_controller | The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks. | 2017-04-20 | not yet calculated | CVE-2017-4969 CONFIRM |
craft_cms -- craft_cms | Craft CMS before 2.6.2974 allows XSS attacks. | 2017-04-21 | not yet calculated | CVE-2017-8052 CONFIRM CONFIRM |
cybozu -- cybozu_kunai_app | Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. | 2017-04-21 | not yet calculated | CVE-2016-1187 JVN JVNDB CONFIRM CONFIRM |
cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. | 2017-04-20 | not yet calculated | CVE-2016-1215 JVN JVNDB BID CONFIRM |
cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. | 2017-04-20 | not yet calculated | CVE-2016-1214 JVN JVNDB BID CONFIRM |
cybozu -- garoon | Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. | 2017-04-21 | not yet calculated | CVE-2016-1194 JVN JVNDB CONFIRM |
cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | 2017-04-20 | not yet calculated | CVE-2016-1217 JVN JVNDB BID CONFIRM |
cybozu -- garoon | The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. | 2017-04-20 | not yet calculated | CVE-2016-1213 JVN JVNDB BID CONFIRM |
cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. | 2017-04-20 | not yet calculated | CVE-2016-1216 JVN JVNDB BID CONFIRM |
cybozu -- garoon | SQL injection vulnerability in Cybozu Garoon before 4.2.2. | 2017-04-20 | not yet calculated | CVE-2016-1218 JVN JVNDB BID CONFIRM |
cybozu -- garoon | Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. | 2017-04-20 | not yet calculated | CVE-2016-1219 JVN JVNDB BID CONFIRM |
cybozu -- garoon | Cybozu Garoon before 4.2.2 does not properly restrict access. | 2017-04-20 | not yet calculated | CVE-2016-1220 JVN JVNDB BID CONFIRM |
cybozu -- mailwise | Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. | 2017-04-20 | not yet calculated | CVE-2016-4844 JVN JVNDB BID CONFIRM |
cybozu -- mailwise | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. | 2017-04-20 | not yet calculated | CVE-2016-4843 JVN JVNDB BID CONFIRM |
cybozu -- mailwise | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. | 2017-04-20 | not yet calculated | CVE-2016-4842 JVN JVNDB BID CONFIRM |
cybozu -- mailwise | Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. | 2017-04-21 | not yet calculated | CVE-2016-4841 JVN JVNDB BID CONFIRM |
cygwin -- cygwin | Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges. | 2017-04-21 | not yet calculated | CVE-2016-3067 MLIST MLIST MLIST MLIST CONFIRM |
d-link -- wireless_range_extender_hardware | D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. | 2017-04-21 | not yet calculated | CVE-2016-1559 MISC FULLDISC CONFIRM |
d-link -- wireless_range_extenders | Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie. | 2017-04-21 | not yet calculated | CVE-2016-1558 MISC FULLDISC CONFIRM |
dmitry -- dmitry | Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files. | 2017-04-20 | not yet calculated | CVE-2017-7938 MISC MISC |
drupal -- drupal | Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. | 2017-04-19 | not yet calculated | CVE-2017-6919 BID CONFIRM |
exagrid -- firmware | ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. | 2017-04-21 | not yet calculated | CVE-2016-1560 MISC MISC MISC |
exagrid -- firmware | ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. | 2017-04-21 | not yet calculated | CVE-2016-1561 MISC MISC MISC |
exponent_cms -- exponent_cms | Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | 2017-04-21 | not yet calculated | CVE-2017-7991 MISC MISC MISC |
feh -- feh | In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free. | 2017-04-14 | not yet calculated | CVE-2017-7875 BID CONFIRM CONFIRM |
firewalld -- firewalld | firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. | 2017-04-19 | not yet calculated | CVE-2016-5410 REDHAT CONFIRM MLIST BID CONFIRM FEDORA FEDORA GENTOO |
geeklog -- geeklog_ivywe | Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml. | 2017-04-20 | not yet calculated | CVE-2016-4849 JVN JVNDB BID CONFIRM CONFIRM CONFIRM |
gnutls -- gnutls | GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. | 2017-04-14 | not yet calculated | CVE-2017-7869 BID MISC MISC CONFIRM |
google -- android | Android allows users to cause a denial of service. | 2017-04-21 | not yet calculated | CVE-2016-0833 MISC |
google -- android | The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code. | 2017-04-17 | not yet calculated | CVE-2016-6727 CONFIRM BID CONFIRM |
google -- android | DMM Movie Player App for Android before 1.2.1 and DMM Movie Player App for iPhone/iPad before 2.1.3 do not verify SSL certificates. | 2017-04-21 | not yet calculated | CVE-2016-4829 JVN JVNDB |
google -- android | DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. | 2017-04-20 | not yet calculated | CVE-2016-4818 CONFIRM JVN JVNDB CONFIRM CONFIRM |
google -- android | WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. | 2017-04-21 | not yet calculated | CVE-2016-4832 JVN JVNDB BID |
grandstream -- grandstream_wave_app | The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate. | 2017-04-21 | not yet calculated | CVE-2016-1519 MISC BUGTRAQ MISC |
grandstream -- grandstream_wave_app | The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application. | 2017-04-21 | not yet calculated | CVE-2016-1520 MISC BUGTRAQ MISC |
grandstream -- grandstream_wave_app | The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/. | 2017-04-21 | not yet calculated | CVE-2016-1518 MISC BUGTRAQ MISC |
hancom -- hancom_office | Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file. | 2017-04-20 | not yet calculated | CVE-2016-4293 BID MISC |
heartland_payment_systems -- heartland_payment_systems | Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter. | 2017-04-21 | not yet calculated | CVE-2017-7992 MISC |
hipchat -- hipchat | Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | 2017-04-14 | not yet calculated | CVE-2017-7357 BUGTRAQ BID CONFIRM CONFIRM |
ibm -- api_connect | IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956. | 2017-04-17 | not yet calculated | CVE-2017-1161 CONFIRM BID |
ibm -- curam_social_program_management | IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536. | 2017-04-20 | not yet calculated | CVE-2016-8923 CONFIRM |
ibm -- curam_social_program_management | IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255. | 2017-04-20 | not yet calculated | CVE-2016-9979 CONFIRM |
ibm -- curam_social_program_management | IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. | 2017-04-20 | not yet calculated | CVE-2016-9978 CONFIRM |
ibm -- curam_social_program_management | IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256. | 2017-04-20 | not yet calculated | CVE-2016-9980 CONFIRM |
ibm -- financial_transaction_manager | IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892. | 2017-04-17 | not yet calculated | CVE-2017-1160 CONFIRM BID |
ibm -- security_guardium | IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174. | 2017-04-20 | not yet calculated | CVE-2017-1122 CONFIRM |
imagemagick -- imagemagick | magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile. | 2017-04-20 | not yet calculated | CVE-2016-7536 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | 2017-04-20 | not yet calculated | CVE-2016-7521 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. | 2017-04-19 | not yet calculated | CVE-2016-7537 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | 2017-04-19 | not yet calculated | CVE-2016-7519 MLIST BID CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file. | 2017-04-20 | not yet calculated | CVE-2015-8959 CONFIRM MLIST BID CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | 2017-04-19 | not yet calculated | CVE-2016-7522 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file. | 2017-04-19 | not yet calculated | CVE-2016-7529 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | 2017-04-20 | not yet calculated | CVE-2016-7527 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. | 2017-04-20 | not yet calculated | CVE-2016-7530 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. | 2017-04-19 | not yet calculated | CVE-2016-7528 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | 2017-04-20 | not yet calculated | CVE-2016-7526 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | 2017-04-20 | not yet calculated | CVE-2016-7538 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. | 2017-04-20 | not yet calculated | CVE-2016-7540 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file. | 2017-04-20 | not yet calculated | CVE-2016-7535 MLIST BID CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file. | 2017-04-20 | not yet calculated | CVE-2016-7534 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | 2017-04-20 | not yet calculated | CVE-2016-7532 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. | 2017-04-19 | not yet calculated | CVE-2016-7533 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. | 2017-04-19 | not yet calculated | CVE-2016-7531 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | 2017-04-20 | not yet calculated | CVE-2016-7525 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | 2017-04-20 | not yet calculated | CVE-2016-7514 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors. | 2017-04-20 | not yet calculated | CVE-2016-7513 MLIST BID CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file. | 2017-04-20 | not yet calculated | CVE-2015-8957 CONFIRM MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. | 2017-04-20 | not yet calculated | CVE-2016-5010 CONFIRM CONFIRM |
imagemagick -- imagemagick |
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels. | 2017-04-19 | not yet calculated | CVE-2016-7515 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file. | 2017-04-20 | not yet calculated | CVE-2015-8958 CONFIRM MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. | 2017-04-20 | not yet calculated | CVE-2016-7516 MLIST BID CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file. | 2017-04-20 | not yet calculated | CVE-2016-7520 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file. | 2017-04-20 | not yet calculated | CVE-2016-7518 MLIST BID CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick |
The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file. | 2017-04-20 | not yet calculated | CVE-2016-7517 MLIST BID CONFIRM CONFIRM CONFIRM |
imageworsener -- imageworsener | The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. | 2017-04-18 | not yet calculated | CVE-2017-7940 CONFIRM |
imageworsener -- imageworsener | The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | 2017-04-19 | not yet calculated | CVE-2017-7962 MISC MISC MISC |
imageworsener -- imageworsener | The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file. | 2017-04-18 | not yet calculated | CVE-2017-7939 CONFIRM |
irregex -- irregex | The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern. | 2017-04-21 | not yet calculated | CVE-2016-9954 MLIST BID CONFIRM CONFIRM |
jackson -- jackson | XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD. | 2017-04-14 | not yet calculated | CVE-2016-7051 BID CONFIRM |
jetstar -- jetstar_app | Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-04-21 | not yet calculated | CVE-2016-1221 JVN JVNDB |
kintone -- kintone_mobile_app | Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | 2017-04-21 | not yet calculated | CVE-2016-1186 JVN JVNDB CONFIRM |
lexmark -- perceptive_document_filters | An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perceptive Document Filters conversion functionality. A crafted XLS document can lead to an arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400. | 2017-04-20 | not yet calculated | CVE-2017-2806 MISC |
lhasa_limited -- lhasa | Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. | 2017-04-21 | not yet calculated | CVE-2016-2347 SUSE SUSE DEBIAN MISC CONFIRM CONFIRM |
libcroco -- libcroco | The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. | 2017-04-19 | not yet calculated | CVE-2017-7960 MISC MISC |
libcroco -- libcroco | The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. | 2017-04-19 | not yet calculated | CVE-2017-7961 MISC MISC |
libplist -- libplist | Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file. | 2017-04-20 | not yet calculated | CVE-2017-7982 CONFIRM |
linux -- linux_kernel | The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org. | 2017-04-19 | not yet calculated | CVE-2017-7979 MISC MISC MISC MISC MISC MISC MISC |
manageengine -- password_manager_pro | Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). | 2017-04-20 | not yet calculated | CVE-2016-1161 MISC BID MISC |
mantisbt -- mantisbt | A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | 2017-04-18 | not yet calculated | CVE-2017-7897 CONFIRM CONFIRM CONFIRM |
mediawiki -- mediawiki | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php. | 2017-04-20 | not yet calculated | CVE-2016-6335 CONFIRM MLIST CONFIRM CONFIRM |
mediawiki -- mediawiki | ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php. | 2017-04-20 | not yet calculated | CVE-2016-6331 CONFIRM MLIST CONFIRM |
mediawiki -- mediawiki | MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. | 2017-04-20 | not yet calculated | CVE-2016-6337 MLIST CONFIRM |
mediawiki -- mediawiki | Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links. | 2017-04-20 | not yet calculated | CVE-2016-6334 CONFIRM MLIST CONFIRM |
mediawiki -- mediawiki | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete. | 2017-04-20 | not yet calculated | CVE-2016-6336 CONFIRM MLIST CONFIRM |
mediawiki -- mediawiki | Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css. | 2017-04-20 | not yet calculated | CVE-2016-6333 CONFIRM MLIST CONFIRM |
mediawiki -- mediawiki | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked. | 2017-04-20 | not yet calculated | CVE-2016-6332 CONFIRM MLIST CONFIRM |
microsoft -- windows | LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. | 2017-04-20 | not yet calculated | CVE-2016-4850 JVN JVNDB BID CONFIRM |
moodle -- moodle | Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read. | 2017-04-20 | not yet calculated | CVE-2016-3734 CONFIRM MLIST BID SECTRACK CONFIRM |
moodle -- moodle | The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. | 2017-04-20 | not yet calculated | CVE-2016-3733 CONFIRM MLIST SECTRACK CONFIRM |
moodle -- moodle | Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions. | 2017-04-20 | not yet calculated | CVE-2016-3731 MLIST SECTRACK CONFIRM |
moodle -- moodle | The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users. | 2017-04-20 | not yet calculated | CVE-2016-3732 MLIST SECTRACK CONFIRM |
moodle -- moodle | The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator. | 2017-04-20 | not yet calculated | CVE-2016-3729 MLIST SECTRACK CONFIRM |
moxa -- awk-3131a_wireless_access_point_firmware | An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely. | 2017-04-20 | not yet calculated | CVE-2016-8721 MISC |
netgear -- wireless_access_points | Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. | 2017-04-21 | not yet calculated | CVE-2016-1557 MISC FULLDISC CONFIRM |
netgear -- wireless_access_points | Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. | 2017-04-21 | not yet calculated | CVE-2016-1556 MISC FULLDISC CONFIRM |
netgear -- wireless_access_points | (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | 2017-04-21 | not yet calculated | CVE-2016-1555 MISC FULLDISC CONFIRM |
netiq -- access_manager | NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. | 2017-04-20 | not yet calculated | CVE-2017-5183 CONFIRM |
netiq -- access_manager | NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile. | 2017-04-20 | not yet calculated | CVE-2017-5190 CONFIRM |
novell -- novell_groupwise | Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow. | 2017-04-20 | not yet calculated | CVE-2016-5762 MISC FULLDISC BUGTRAQ BID CONFIRM MISC |
novell -- novell_groupwise | Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp. | 2017-04-20 | not yet calculated | CVE-2016-5760 MISC FULLDISC BUGTRAQ BID CONFIRM MISC |
novell -- novell_groupwise | Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. | 2017-04-20 | not yet calculated | CVE-2016-5761 MISC FULLDISC BUGTRAQ BID CONFIRM MISC |
openmrs -- openmrs | The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp. | 2017-04-20 | not yet calculated | CVE-2017-7990 MISC MISC |
openstack -- manila | Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. | 2017-04-21 | not yet calculated | CVE-2016-6519 REDHAT REDHAT REDHAT MLIST BID CONFIRM CONFIRM |
opentext -- documentum | OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4532. | 2017-04-20 | not yet calculated | CVE-2017-7220 MISC MISC MISC |
opera -- opera_web_browser | Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. | 2017-04-20 | not yet calculated | CVE-2016-4075 MISC |
ossec -- ossec_web_user_interface | Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. | 2017-04-20 | not yet calculated | CVE-2016-4847 JVN JVNDB BID CONFIRM |
ovirt -- ovirt_engine | oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files. | 2017-04-20 | not yet calculated | CVE-2016-6341 BID CONFIRM CONFIRM CONFIRM |
palo_alto_networks -- pan_os | Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. | 2017-04-20 | not yet calculated | CVE-2017-7409 CONFIRM |
pcs_software -- pcs | Session fixation vulnerability in pcsd in pcs before 0.9.157. | 2017-04-21 | not yet calculated | CVE-2016-0721 FEDORA FEDORA REDHAT CONFIRM CONFIRM CONFIRM CONFIRM |
pcs_software -- pcs | Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | 2017-04-21 | not yet calculated | CVE-2016-0720 FEDORA FEDORA REDHAT CONFIRM CONFIRM |
photopt -- photopt_app | Photopt for Android before 2.0.1 does not verify SSL certificates. | 2017-04-21 | not yet calculated | CVE-2016-1198 JVN JVNDB CONFIRM |
php -- php | The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. | 2017-04-21 | not yet calculated | CVE-2016-5399 MISC CONFIRM CONFIRM FULLDISC MLIST BUGTRAQ BID SECTRACK CONFIRM CONFIRM EXPLOIT-DB |
phusionpassenger -- phusionpassenger | In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. | 2017-04-18 | not yet calculated | CVE-2016-10345 CONFIRM CONFIRM |
podpfo -- podpfo | PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp). | 2017-04-22 | not yet calculated | CVE-2017-8053 MISC MISC |
podpfo -- podpfo | The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | 2017-04-21 | not yet calculated | CVE-2017-7994 MISC MISC |
podpfo -- podpfo | The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document. | 2017-04-22 | not yet calculated | CVE-2017-8054 MISC |
qemu -- qemu | hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. | 2017-04-20 | not yet calculated | CVE-2017-7718 CONFIRM MLIST CONFIRM |
quest_software -- privilege_manager | pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action. | 2017-04-14 | not yet calculated | CVE-2017-6554 MISC BID EXPLOIT-DB |
quickheal -- quickheal | The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service. | 2017-04-20 | not yet calculated | CVE-2015-8285 EXPLOIT-DB |
red_hat -- cloudforms_management_engine | Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. | 2017-04-21 | not yet calculated | CVE-2016-3702 CONFIRM |
red_hat -- enterprise_virtualization_manager | ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries. | 2017-04-20 | not yet calculated | CVE-2016-6338 BID CONFIRM |
red_hat -- jboss_brms | Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page. | 2017-04-20 | not yet calculated | CVE-2016-5401 CONFIRM |
red_hat -- openshift_enterprise_2 | Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. | 2017-04-20 | not yet calculated | CVE-2016-5409 CONFIRM |
red_hat -- quickstart_cloud_installer | The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display. | 2017-04-14 | not yet calculated | CVE-2016-7060 BID REDHAT CONFIRM |
resteasy -- resteasy | Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-20 | not yet calculated | CVE-2016-6347 BID CONFIRM |
ruby -- ruby | The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack. | 2017-04-19 | not yet calculated | CVE-2013-7463 MISC |
samsung -- android | Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290. | 2017-04-19 | not yet calculated | CVE-2017-7978 CONFIRM |
sandstorm -- cap'n_proto | Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message. | 2017-04-17 | not yet calculated | CVE-2017-7892 CONFIRM |
schneider_electric -- wonderware_intouch_access_anywhere | An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly. | 2017-04-20 | not yet calculated | CVE-2017-5160 MISC BID MISC |
schneider_electric -- wonderware_intouch_access_anywhere | An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified. | 2017-04-20 | not yet calculated | CVE-2017-5158 MISC BID MISC |
schneider_electric -- wonderware_intouch_access_anywhere | A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user. | 2017-04-20 | not yet calculated | CVE-2017-5156 MISC BID MISC |
securebrain -- phishwall_client | Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2. | 2017-04-21 | not yet calculated | CVE-2016-4846 JVN JVNDB CONFIRM BID |
shopware -- shopware | The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code. | 2017-04-21 | not yet calculated | CVE-2016-3109 MISC BUGTRAQ CONFIRM |
skia -- skia | Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. | 2017-04-21 | not yet calculated | CVE-2016-5168 CONFIRM CONFIRM MISC |
sourcebans-pp -- sourcebans-pp | sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter. | 2017-04-17 | not yet calculated | CVE-2017-7891 BID MISC |
spring_amqp -- spring_amqp | org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. | 2017-04-21 | not yet calculated | CVE-2016-2173 FEDORA FEDORA FEDORA CONFIRM CONFIRM |
squirrelmail -- squirrelmail | SquirrelMail 1.4.22 allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting. | 2017-04-20 | not yet calculated | CVE-2017-7692 MISC MISC |
sushiro -- sushiro_app | Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. | 2017-04-21 | not yet calculated | CVE-2016-4830 JVN JVNDB BID |
tenable -- appliance | Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands. | 2017-04-21 | not yet calculated | CVE-2017-8051 CONFIRM MISC EXPLOIT-DB |
tenable -- appliance | Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. | 2017-04-21 | not yet calculated | CVE-2017-8050 CONFIRM MISC |
tenable -- nessus | Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. | 2017-04-19 | not yet calculated | CVE-2017-7850 CONFIRM |
tenable -- nessus | Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. | 2017-04-19 | not yet calculated | CVE-2017-7849 CONFIRM |
tokyo_star_bank -- tokyo_star_bank_app | Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | 2017-04-21 | not yet calculated | CVE-2016-1184 JVN JVNDB CONFIRM |
toshiba -- coordinate_plus_app | Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. | 2017-04-21 | not yet calculated | CVE-2016-4840 JVN JVNDB BID |
trend_micro -- interscan_messaging_security_virtual_appliance | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. | 2017-04-18 | not yet calculated | CVE-2017-7896 BID CONFIRM |
twigmo -- twigmo_for_cs-cart | Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | 2017-04-20 | not yet calculated | CVE-2016-4862 JVN JVNDB CONFIRM BID |
unitrends -- enterprise_backup | An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php. | 2017-04-19 | not yet calculated | CVE-2017-7283 MISC MISC |
unitrends -- enterprise_backup | An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI). | 2017-04-19 | not yet calculated | CVE-2017-7282 MISC MISC |
unrtf -- unrtf | Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function. | 2017-04-21 | not yet calculated | CVE-2016-10091 CONFIRM MLIST MLIST BID CONFIRM |
watchguard -- fireware | WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new authenticated sessions until the process has recovered. The Firebox may also experience an overall degradation in performance while the wgagent process recovers. An attacker could continuously send XML-RPC requests that contain references to external entities to perform a limited Denial of Service (DoS) attack against an affected Firebox. | 2017-04-22 | not yet calculated | CVE-2017-8056 MISC MISC MISC MISC |
watchguard -- fireware | WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox. | 2017-04-22 | not yet calculated | CVE-2017-8055 MISC MISC MISC MISC |
wondercms -- wondercms | WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. | 2017-04-20 | not yet calculated | CVE-2017-7951 CONFIRM CONFIRM |
zyxel -- wre6505 | Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process. | 2017-04-19 | not yet calculated | CVE-2017-7964 MISC |
** Source: [US-CERT: Bulletin (SB17-114)] Security vulnerabilities published through April 17, 2017