IT 와 Social 이야기

[US-CERT: Bulletin (SB17-114)] Security Vulnerabilities Published Through April 17, 2017

by manga0713 2017. 4. 27.

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- tomcat In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. 2017-04-17 7.5 CVE-2017-5651
BID
CONFIRM
MLIST
apache -- traffic_server Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. 2017-04-17 7.8 CVE-2016-5396
CONFIRM
canonical -- ubuntu_linux The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup. 2017-04-14 7.2 CVE-2016-0727
MISC
BID
SECTRACK
UBUNTU
CONFIRM
CONFIRM
ffmpeg -- ffmpeg FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. 2017-04-14 7.5 CVE-2017-7859
BID
MISC
ffmpeg -- ffmpeg FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. 2017-04-14 7.5 CVE-2017-7862
BID
MISC
MISC
ffmpeg -- ffmpeg FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. 2017-04-14 7.5 CVE-2017-7863
BID
MISC
MISC
ffmpeg -- ffmpeg FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. 2017-04-14 7.5 CVE-2017-7865
BID
MISC
MISC
ffmpeg -- ffmpeg FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. 2017-04-14 7.5 CVE-2017-7866
BID
MISC
MISC
flatcore -- flatcore-cms SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. 2017-04-14 7.5 CVE-2017-7878
CONFIRM
freetype -- freetype2 FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. 2017-04-14 7.5 CVE-2016-10328
MISC
MISC
BID
MISC
freetype -- freetype2 FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. 2017-04-14 7.5 CVE-2017-7857
MISC
BID
MISC
freetype -- freetype2 FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. 2017-04-14 7.5 CVE-2017-7858
MISC
BID
MISC
freetype -- freetype2 FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. 2017-04-14 7.5 CVE-2017-7864
MISC
BID
MISC
google -- android Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices. 2017-04-17 10.0 CVE-2016-6726
BID
CONFIRM
grpc -- grpc Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c. 2017-04-14 7.5 CVE-2017-7860
BID
MISC
MISC
grpc -- grpc Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. 2017-04-14 7.5 CVE-2017-7861
BID
MISC
MISC
ibm -- spectrum_lsf IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. 2017-04-14 7.2 CVE-2017-1205
MISC
BID
libreoffice -- libreoffice LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. 2017-04-14 7.5 CVE-2016-10327
BID
MISC
MISC
libreoffice -- libreoffice LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. 2017-04-14 7.5 CVE-2017-7856
BID
MISC
MISC
libreoffice -- libreoffice LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. 2017-04-14 7.5 CVE-2017-7870
BID
MISC
MISC
libreoffice -- libreoffice LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. 2017-04-15 7.5 CVE-2017-7882
BID
MISC
MISC
linux -- linux_kernel The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. 2017-04-18 7.8 CVE-2017-7645
MISC
MISC
linux -- linux_kernel The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. 2017-04-16 7.2 CVE-2017-7889
MISC
MISC
BID
MISC
proxifier -- proxifier_for_mac Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program. 2017-04-14 7.2 CVE-2017-7643
FULLDISC
MISC

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- tomcat A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. 2017-04-17 5.0 CVE-2017-5647
MLIST
apache -- tomcat While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. 2017-04-17 6.4 CVE-2017-5648
BID
MLIST
apache -- tomcat In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads. 2017-04-17 5.0 CVE-2017-5650
BID
MLIST
apache -- traffic_server Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. 2017-04-17 5.0 CVE-2017-5659
CONFIRM
artifex -- ghostscript The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. 2017-04-14 6.8 CVE-2016-8602
CONFIRM
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
bigtreecms -- bigtree_cms BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14. 2017-04-15 6.8 CVE-2017-7881
MISC
bitrix_project -- bitrix Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php. 2017-04-14 6.0 CVE-2015-8356
MISC
BUGTRAQ
BID
MISC
cybozu -- office The "Project" function in Cybozu 9.0.0 through 10.4.0 allows remote authenticated users to read closed project information. 2017-04-17 4.0 CVE-2016-4867
JVN
JVNDB
BID
CONFIRM
cybozu -- office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject arbitrary email headers. 2017-04-17 4.3 CVE-2016-4868
JVN
JVNDB
BID
CONFIRM
cybozu -- office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain session information from users. 2017-04-17 4.3 CVE-2016-4869
JVN
JVNDB
BID
CONFIRM
cybozu -- office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. 2017-04-17 6.8 CVE-2016-4871
JVN
JVNDB
BID
CONFIRM
cybozu -- office The "breadcrumb trail" component in Cybozu Office 9.0.0 through 10.4.0 allows remote authenticated users to read the names of closed projects. 2017-04-17 4.0 CVE-2016-4872
JVN
JVNDB
BID
CONFIRM
cybozu -- office The "Project" function in Cybozu Office 9.0.0 through 10.4.0 does not properly check access permissions, which allows remote authenticated users to alter project information. 2017-04-17 4.0 CVE-2016-4873
JVN
JVNDB
BID
CONFIRM
databox_project -- databox_plugin Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-14 4.3 CVE-2016-4875
JVN
JVNDB
BID
CONFIRM
CONFIRM
flatcore -- flatcore-cms CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. 2017-04-14 6.8 CVE-2017-7877
BID
CONFIRM
flatcore -- flatcore-cms SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. 2017-04-14 5.0 CVE-2017-7879
CONFIRM
ibm -- cognos_business_intelligence IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612. 2017-04-17 5.0 CVE-2016-3036
CONFIRM
BID
ibm -- financial_transaction_manager IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293. 2017-04-14 4.0 CVE-2017-1152
CONFIRM
ibm -- marketing_platform IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236. 2017-04-17 4.9 CVE-2016-0228
CONFIRM
BID
ibm -- tivoli_application_dependency_discovery_manager IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538. 2017-04-14 6.8 CVE-2016-8925
CONFIRM
BID
ibm -- tivoli_application_dependency_discovery_manager IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539. 2017-04-14 4.0 CVE-2016-8926
CONFIRM
imagemagick -- imagemagick coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. 2017-04-19 4.3 CVE-2014-9907
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. 2017-04-18 4.3 CVE-2017-7941
BID
CONFIRM
imagemagick -- imagemagick The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. 2017-04-18 4.3 CVE-2017-7942
BID
CONFIRM
imagemagick -- imagemagick The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. 2017-04-18 4.3 CVE-2017-7943
CONFIRM
mantisbt -- mantisbt MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. 2017-04-16 6.5 CVE-2017-7615
MISC
MISC
BID
CONFIRM
mongodb -- mongodb mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. 2017-04-14 5.0 CVE-2016-3104
BID
CONFIRM
CONFIRM
moxa -- mxview Moxa MXView 2.8 allows remote attackers to read the web server's private key file because there is no access control. 2017-04-14 5.0 CVE-2017-7455
MISC
MISC
FULLDISC
moxa -- mxview Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending an overly long junk payload for the MXView client login credentials. 2017-04-14 5.0 CVE-2017-7456
MISC
FULLDISC
palo_alto_networks -- traps Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. 2017-04-14 5.0 CVE-2017-7408
BID
CONFIRM
CONFIRM
paloaltonetworks -- pan-os The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters. 2017-04-14 4.0 CVE-2017-7217
BID
CONFIRM
paloaltonetworks -- pan-os The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters. 2017-04-14 4.6 CVE-2017-7218
BID
CONFIRM
radare -- radare2 The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file. 2017-04-18 4.3 CVE-2017-7946
CONFIRM
CONFIRM
sap -- netweaver SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. 2017-04-14 6.5 CVE-2017-7717
BID
MISC
symantec -- messaging_gateway Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. 2017-04-14 4.0 CVE-2016-5312
MISC
FULLDISC
BID
SECTRACK
CONFIRM
EXPLOIT-DB
wolfcms -- wolf_cms Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality. 2017-04-14 6.5 CVE-2015-6567
MISC
MISC
MISC
CONFIRM
CONFIRM
wolfcms -- wolf_cms Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality. 2017-04-14 6.5 CVE-2015-6568
MISC
MISC
MISC
CONFIRM
CONFIRM
zohocorp -- servicedesk_plus ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions. 2017-04-14 6.5 CVE-2016-4889
JVN
JVNDB
BID
zohocorp -- servicedesk_plus ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie. 2017-04-14 5.0 CVE-2016-4890
JVN
JVNDB
BID

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cybozu -- office Cross-site scripting (XSS) vulnerability in the "Customapp" function in Cybozu Office 9.0.0 through 10.4.0. 2017-04-17 3.5 CVE-2016-4865
JVN
JVNDB
BID
CONFIRM
cybozu -- office Cross-site scripting (XSS) vulnerability in the "Project" function in Cybozu Office 9.0.0 through 10.4.0. 2017-04-17 3.5 CVE-2016-4866
JVN
JVNDB
BID
CONFIRM
cybozu -- office Cross-site scripting (XSS) vulnerability in the "Schedule" function in Cybozu Office 9.0.0 through 10.4.0. 2017-04-17 3.5 CVE-2016-4870
JVN
JVNDB
BID
CONFIRM
cybozu -- office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. 2017-04-17 3.5 CVE-2016-4874
JVN
JVNDB
BID
CONFIRM
ibm -- cognos_business_intelligence IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613. 2017-04-17 3.5 CVE-2016-3037
CONFIRM
BID
ibm -- cognos_business_intelligence IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614. 2017-04-17 3.5 CVE-2016-3038
CONFIRM
BID
ibm -- tivoli_application_dependency_discovery_manager IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540. 2017-04-14 3.5 CVE-2016-8927
CONFIRM
BID
moxa -- mx-aopc_server XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. 2017-04-14 1.9 CVE-2017-7457
MISC
FULLDISC
zohocorp -- servicedesk_plus Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-14 3.5 CVE-2016-4888
JVN
JVNDB
BID
zurmo -- zurmo_crm Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. 2017-04-14 3.5 CVE-2017-7188
BID
MISC
MISC

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
105_bank -- 105_bank_app
 
The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-04-21 not yet calculated CVE-2016-1210
JVN
JVNDB
akerun -- smart_lock_robot_app
 
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-1148
JVN
JVNDB
CONFIRM
apache -- batik
 
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within an XML document can trivially trigger an amplification attack. 2017-04-18 not yet calculated CVE-2017-5662
CONFIRM
apache -- cxf
 
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. 2017-04-18 not yet calculated CVE-2017-5653
CONFIRM
apache -- cxf
 
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user. 2017-04-18 not yet calculated CVE-2017-5656
CONFIRM
apache -- fop
 
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within an XML document can trivially trigger an amplification attack. 2017-04-18 not yet calculated CVE-2017-5661
CONFIRM
apache -- log4j
 
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. 2017-04-17 not yet calculated CVE-2017-5645
BID
CONFIRM
apple -- operating_systems
 
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-04-20 not yet calculated CVE-2016-4650
BID
MISC
CONFIRM
CONFIRM
CONFIRM
arm_holdings -- mbed_TLS
 
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications. 2017-04-20 not yet calculated CVE-2017-2784
MISC
CONFIRM
artifex -- artifex
 
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file. 2017-04-16 not yet calculated CVE-2017-7885
MISC
artifex -- ghostscript
 
Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. 2017-04-19 not yet calculated CVE-2017-7948
CONFIRM
CONFIRM
artifex -- jbig2dec
 
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. 2017-04-19 not yet calculated CVE-2017-7975
MISC
artifex -- jbig2dec
 
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory. 2017-04-19 not yet calculated CVE-2017-7976
MISC
asterisk -- asterisk
 
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). 2017-04-17 not yet calculated CVE-2016-7551
CONFIRM
DEBIAN
MISC
CONFIRM
MISC
axis_communications -- network_cameras
 
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. 2017-04-17 not yet calculated CVE-2015-8256
MISC
BID
EXPLOIT-DB
blackberry -- blackberry
 
The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. 2017-04-21 not yet calculated CVE-2016-2433
CONFIRM
c/c++ -- c/c++
 
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. 2017-04-14 not yet calculated CVE-2017-7868
MISC
BID
MISC
c/c++ -- c/c++
 
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. 2017-04-14 not yet calculated CVE-2017-7867
MISC
BID
MISC
cisco -- adaptive_security_appliance_software A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information. Note: Only traffic directed to the affected device can be used to exploit this vulnerability. This vulnerability affects Cisco ASA Software configured in routed or transparent firewall mode and single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.12) 9.2(4.18) 9.4(3.12) 9.5(3.2) 9.6(2.2). Cisco Bug IDs: CSCvb40898. 2017-04-20 not yet calculated CVE-2017-6607
BID
CONFIRM
cisco -- adaptive_security_appliance_software
 
A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition. Cisco Bug IDs: CSCvb46321. 2017-04-20 not yet calculated CVE-2017-3793
BID
CONFIRM
cisco -- adaptive_security_appliance_software
 
A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid IKEv1 Phase 1 needs to be established to exploit this vulnerability, which means that an attacker would need to have knowledge of a pre-shared key or have a valid certificate for phase 1 authentication. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.7) 9.2(4.11) 9.4(4) 9.5(3) 9.6(1.5). Cisco Bug IDs: CSCuz11685. 2017-04-20 not yet calculated CVE-2017-6610
BID
CONFIRM
cisco -- adaptive_security_appliance_software
 
A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is needed to exploit this vulnerability. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 8.4(7.31) 9.0(4.39) 9.1(7) 9.2(4.6) 9.3(3.8) 9.4(2) 9.5(2). Cisco Bug IDs: CSCuv48243. 2017-04-20 not yet calculated CVE-2017-6608
BID
CONFIRM
cisco -- adaptive_security_appliance_software
 
A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. An attacker needs to establish a valid IPsec tunnel before exploiting this vulnerability. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.8) 9.2(4.15) 9.4(4) 9.5(3.2) 9.6(2). Cisco Bug IDs: CSCun16158. 2017-04-20 not yet calculated CVE-2017-6609
BID
CONFIRM
cisco -- findit_network_probe_software
 
A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control (RBAC) for file-download requests that are sent to the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to download and view any system file by using the affected software. Cisco Bug IDs: CSCvd11628. 2017-04-20 not yet calculated CVE-2017-6614
BID
CONFIRM
cisco -- firepower_system_software
 
A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability affects Cisco Firepower System Software that has one or more file action policies configured and is running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services; Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls; Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances; Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances; Firepower 4100 Series Security Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Series Security Appliances; FirePOWER Threat Defense for Integrated Services Routers (ISRs); Industrial Security Appliance 3000; Sourcefire 3D System Appliances; Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Fixed versions: 5.4.0.10 5.4.1.9 6.0.1.3 6.1.0 6.2.0. Cisco Bug IDs: CSCuz00876. 2017-04-20 not yet calculated CVE-2016-6368
BID
CONFIRM
cisco -- integrated_management_controller
 
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578. 2017-04-20 not yet calculated CVE-2017-6616
BID
CONFIRM
cisco -- integrated_management_controller
 
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591. 2017-04-20 not yet calculated CVE-2017-6619
BID
CONFIRM
cisco -- integrated_management_controller
 
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583. 2017-04-20 not yet calculated CVE-2017-6617
BID
CONFIRM
cisco -- integrated_management_controller
 
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system. Cisco Bug IDs: CSCvd14587. 2017-04-20 not yet calculated CVE-2017-6618
BID
CONFIRM
cisco -- ios_ios_xe

 
Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCut47751. 2017-04-20 not yet calculated CVE-2017-3861
BID
CONFIRM
cisco -- ios_ios_xe
 
Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCur29331. 2017-04-20 not yet calculated CVE-2017-3860
BID
CONFIRM
cisco -- ios_ios_xe

 
Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCut50727. 2017-04-20 not yet calculated CVE-2017-3863
BID
CONFIRM
cisco -- ios_ios_xe

 
Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCuu76493. 2017-04-20 not yet calculated CVE-2017-3862
BID
CONFIRM
cisco -- ios_xe
 
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392. 2017-04-20 not yet calculated CVE-2017-6615
BID
CONFIRM
cisco -- prime
 
A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCuw65830. 2017-04-20 not yet calculated CVE-2017-6611
BID
CONFIRM
cisco -- prime
 
A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete DNS packet header validation when the packet is received by the application. An attacker could exploit this vulnerability by sending a malformed DNS packet to the application. An exploit could allow the attacker to cause the DNS process to restart, which could lead to a DoS condition. This vulnerability affects Cisco Prime Network Registrar on all software versions prior to 8.3.5. Cisco Bug IDs: CSCvb55412. 2017-04-20 not yet calculated CVE-2017-6613
BID
CONFIRM
cisco -- unified_communications_manager
 
A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455. 2017-04-20 not yet calculated CVE-2017-3808
BID
CONFIRM
cloud_foundry -- cloud_controller
 
The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks. 2017-04-20 not yet calculated CVE-2017-4969
CONFIRM
craft_cms -- craft_cms
 
Craft CMS before 2.6.2974 allows XSS attacks. 2017-04-21 not yet calculated CVE-2017-8052
CONFIRM
CONFIRM
cybozu -- cybozu_kunai_app
 
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-1187
JVN
JVNDB
CONFIRM
CONFIRM
cybozu -- garoon
 
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. 2017-04-20 not yet calculated CVE-2016-1215
JVN
JVNDB
BID
CONFIRM
cybozu -- garoon
 
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. 2017-04-20 not yet calculated CVE-2016-1214
JVN
JVNDB
BID
CONFIRM
cybozu -- garoon
 
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. 2017-04-21 not yet calculated CVE-2016-1194
JVN
JVNDB
CONFIRM
cybozu -- garoon
 
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. 2017-04-20 not yet calculated CVE-2016-1217
JVN
JVNDB
BID
CONFIRM
cybozu -- garoon
 
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. 2017-04-20 not yet calculated CVE-2016-1213
JVN
JVNDB
BID
CONFIRM
cybozu -- garoon
 
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. 2017-04-20 not yet calculated CVE-2016-1216
JVN
JVNDB
BID
CONFIRM
cybozu -- garoon
 
SQL injection vulnerability in Cybozu Garoon before 4.2.2. 2017-04-20 not yet calculated CVE-2016-1218
JVN
JVNDB
BID
CONFIRM
cybozu -- garoon
 
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. 2017-04-20 not yet calculated CVE-2016-1219
JVN
JVNDB
BID
CONFIRM
cybozu -- garoon
 
Cybozu Garoon before 4.2.2 does not properly restrict access. 2017-04-20 not yet calculated CVE-2016-1220
JVN
JVNDB
BID
CONFIRM
cybozu -- mailwise Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. 2017-04-20 not yet calculated CVE-2016-4844
JVN
JVNDB
BID
CONFIRM
cybozu -- mailwise
 
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. 2017-04-20 not yet calculated CVE-2016-4843
JVN
JVNDB
BID
CONFIRM
cybozu -- mailwise
 
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. 2017-04-20 not yet calculated CVE-2016-4842
JVN
JVNDB
BID
CONFIRM
cybozu -- mailwise
 
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. 2017-04-21 not yet calculated CVE-2016-4841
JVN
JVNDB
BID
CONFIRM
cygwin -- cygwin
 
Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges. 2017-04-21 not yet calculated CVE-2016-3067
MLIST
MLIST
MLIST
MLIST
CONFIRM
d-link -- wireless_range_extender_hardware
 
D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. 2017-04-21 not yet calculated CVE-2016-1559
MISC
FULLDISC
CONFIRM
d-link -- wireless_range_extenders
 
Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie. 2017-04-21 not yet calculated CVE-2016-1558
MISC
FULLDISC
CONFIRM
dmitry -- dmitry
 
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files. 2017-04-20 not yet calculated CVE-2017-7938
MISC
MISC
drupal -- drupal
 
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. 2017-04-19 not yet calculated CVE-2017-6919
BID
CONFIRM
exagrid -- firmware
 
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. 2017-04-21 not yet calculated CVE-2016-1560
MISC
MISC
MISC
exagrid -- firmware
 
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. 2017-04-21 not yet calculated CVE-2016-1561
MISC
MISC
MISC
exponent_cms -- exponent_cms
 
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. 2017-04-21 not yet calculated CVE-2017-7991
MISC
MISC
MISC
feh -- feh
 
In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free. 2017-04-14 not yet calculated CVE-2017-7875
BID
CONFIRM
CONFIRM
firewalld -- firewalld
 
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. 2017-04-19 not yet calculated CVE-2016-5410
REDHAT
CONFIRM
MLIST
BID
CONFIRM
FEDORA
FEDORA
GENTOO
geeklog -- geeklog_ivywe
 
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml. 2017-04-20 not yet calculated CVE-2016-4849
JVN
JVNDB
BID
CONFIRM
CONFIRM
CONFIRM
gnutls -- gnutls
 
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. 2017-04-14 not yet calculated CVE-2017-7869
BID
MISC
MISC
CONFIRM
google -- android
 
Android allows users to cause a denial of service. 2017-04-21 not yet calculated CVE-2016-0833
MISC
google -- android
 
The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code. 2017-04-17 not yet calculated CVE-2016-6727
CONFIRM
BID
CONFIRM
google -- android
 
DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-4829
JVN
JVNDB
google -- android
 
DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. 2017-04-20 not yet calculated CVE-2016-4818
CONFIRM
JVN
JVNDB
CONFIRM
CONFIRM
google -- android
 
WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-4832
JVN
JVNDB
BID
grandstream -- grandstream_wave_app The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate. 2017-04-21 not yet calculated CVE-2016-1519
MISC
BUGTRAQ
MISC
grandstream -- grandstream_wave_app
 
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application. 2017-04-21 not yet calculated CVE-2016-1520
MISC
BUGTRAQ
MISC
grandstream -- grandstream_wave_app
 
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/. 2017-04-21 not yet calculated CVE-2016-1518
MISC
BUGTRAQ
MISC
hancom -- hancom_office
 
Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file. 2017-04-20 not yet calculated CVE-2016-4293
BID
MISC
heartland_payment_systems -- heartland_payment_systems
 
Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter. 2017-04-21 not yet calculated CVE-2017-7992
MISC
hipchat -- hipchat
 
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. 2017-04-14 not yet calculated CVE-2017-7357
BUGTRAQ
BID
CONFIRM
CONFIRM
ibm -- api_connect
 
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956. 2017-04-17 not yet calculated CVE-2017-1161
CONFIRM
BID
ibm -- curam_social_program_management
 
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536. 2017-04-20 not yet calculated CVE-2016-8923
CONFIRM
ibm -- curam_social_program_management
 
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255. 2017-04-20 not yet calculated CVE-2016-9979
CONFIRM
ibm -- curam_social_program_management
 
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. 2017-04-20 not yet calculated CVE-2016-9978
CONFIRM
ibm -- curam_social_program_management
 
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256. 2017-04-20 not yet calculated CVE-2016-9980
CONFIRM
ibm -- financial_transition_manager
 
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892. 2017-04-17 not yet calculated CVE-2017-1160
CONFIRM
BID
ibm -- security_guardium
 
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174. 2017-04-20 not yet calculated CVE-2017-1122
CONFIRM
imagemagick -- imagemagick
magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile. 2017-04-20 not yet calculated CVE-2016-7536
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. 2017-04-20 not yet calculated CVE-2016-7521
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. 2017-04-19 not yet calculated CVE-2016-7537
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 2017-04-19 not yet calculated CVE-2016-7519
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file. 2017-04-20 not yet calculated CVE-2015-8959
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. 2017-04-19 not yet calculated CVE-2016-7522
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file. 2017-04-19 not yet calculated CVE-2016-7529
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 2017-04-20 not yet calculated CVE-2016-7527
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. 2017-04-20 not yet calculated CVE-2016-7530
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. 2017-04-19 not yet calculated CVE-2016-7528
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. 2017-04-20 not yet calculated CVE-2016-7526
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. 2017-04-20 not yet calculated CVE-2016-7538
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. 2017-04-20 not yet calculated CVE-2016-7540
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file. 2017-04-20 not yet calculated CVE-2016-7535
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file. 2017-04-20 not yet calculated CVE-2016-7534
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. 2017-04-20 not yet calculated CVE-2016-7532
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. 2017-04-19 not yet calculated CVE-2016-7533
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. 2017-04-19 not yet calculated CVE-2016-7531
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. 2017-04-20 not yet calculated CVE-2016-7525
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. 2017-04-20 not yet calculated CVE-2016-7514
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors. 2017-04-20 not yet calculated CVE-2016-7513
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file. 2017-04-20 not yet calculated CVE-2015-8957
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. 2017-04-20 not yet calculated CVE-2016-5010
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels. 2017-04-19 not yet calculated CVE-2016-7515
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file. 2017-04-20 not yet calculated CVE-2015-8958
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. 2017-04-20 not yet calculated CVE-2016-7516
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file. 2017-04-20 not yet calculated CVE-2016-7520
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file. 2017-04-20 not yet calculated CVE-2016-7518
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file. 2017-04-20 not yet calculated CVE-2016-7517
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imageworsener -- imageworsener
 
The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. 2017-04-18 not yet calculated CVE-2017-7940
CONFIRM
imageworsener -- imageworsener

 
The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. 2017-04-19 not yet calculated CVE-2017-7962
MISC
MISC
MISC
imageworsener -- imageworsener
 
The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file. 2017-04-18 not yet calculated CVE-2017-7939
CONFIRM
irregex -- irregex
 
The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern. 2017-04-21 not yet calculated CVE-2016-9954
MLIST
BID
CONFIRM
CONFIRM
jackson -- jackson
 
XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD. 2017-04-14 not yet calculated CVE-2016-7051
BID
CONFIRM
jetstar -- jetstar_app
 
Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-04-21 not yet calculated CVE-2016-1221
JVN
JVNDB
kintone -- kintone_mobile_app
 
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. 2017-04-21 not yet calculated CVE-2016-1186
JVN
JVNDB
CONFIRM
lexmark -- perceptive_document_filters
 
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perceptive Document Filters conversion functionality. A crafted XLS document can lead to an arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400. 2017-04-20 not yet calculated CVE-2017-2806
MISC
lhasa_limited -- lhasa
 
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. 2017-04-21 not yet calculated CVE-2016-2347
SUSE
SUSE
DEBIAN
MISC
CONFIRM
CONFIRM
libcroco -- libcroco
 
The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. 2017-04-19 not yet calculated CVE-2017-7960
MISC
MISC
libcroco -- libcroco
 
The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. 2017-04-19 not yet calculated CVE-2017-7961
MISC
MISC
libplist -- libplist
 
Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file. 2017-04-20 not yet calculated CVE-2017-7982
CONFIRM
linux -- linux_kernel
 
The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org. 2017-04-19 not yet calculated CVE-2017-7979
MISC
MISC
MISC
MISC
MISC
MISC
MISC
manageengine -- password_manager_pro
 
Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). 2017-04-20 not yet calculated CVE-2016-1161
MISC
BID
MISC
mantisbt -- mantisbt
 
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. 2017-04-18 not yet calculated CVE-2017-7897
CONFIRM
CONFIRM
CONFIRM
mediawiki -- mediawiki
 
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php. 2017-04-20 not yet calculated CVE-2016-6335
CONFIRM
MLIST
CONFIRM
CONFIRM
mediawiki -- mediawiki
 
ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php. 2017-04-20 not yet calculated CVE-2016-6331
CONFIRM
MLIST
CONFIRM
mediawiki -- mediawiki
 
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. 2017-04-20 not yet calculated CVE-2016-6337
MLIST
CONFIRM
mediawiki -- mediawiki
 
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links. 2017-04-20 not yet calculated CVE-2016-6334
CONFIRM
MLIST
CONFIRM
mediawiki -- mediawiki
 
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete. 2017-04-20 not yet calculated CVE-2016-6336
CONFIRM
MLIST
CONFIRM
mediawiki -- mediawiki
 
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css. 2017-04-20 not yet calculated CVE-2016-6333
CONFIRM
MLIST
CONFIRM
mediawiki -- mediawiki
 
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked. 2017-04-20 not yet calculated CVE-2016-6332
CONFIRM
MLIST
CONFIRM
microsoft -- windows
 
LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. 2017-04-20 not yet calculated CVE-2016-4850
JVN
JVNDB
BID
CONFIRM
moodle -- moodle

 
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read. 2017-04-20 not yet calculated CVE-2016-3734
CONFIRM
MLIST
BID
SECTRACK
CONFIRM
moodle -- moodle

 
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. 2017-04-20 not yet calculated CVE-2016-3733
CONFIRM
MLIST
SECTRACK
CONFIRM
moodle -- moodle

 
Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions. 2017-04-20 not yet calculated CVE-2016-3731
MLIST
SECTRACK
CONFIRM
moodle -- moodle

 
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users. 2017-04-20 not yet calculated CVE-2016-3732
MLIST
SECTRACK
CONFIRM
moodle -- moodle
 
The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator. 2017-04-20 not yet calculated CVE-2016-3729
MLIST
SECTRACK
CONFIRM
moxa -- awk-3131a_wireless_access_point_firmware
 
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely. 2017-04-20 not yet calculated CVE-2016-8721
MISC
netgear -- wireless_access_points
 
Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. 2017-04-21 not yet calculated CVE-2016-1557
MISC
FULLDISC
CONFIRM
netgear -- wireless_access_points
 
Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. 2017-04-21 not yet calculated CVE-2016-1556
MISC
FULLDISC
CONFIRM
netgear -- wireless_access_points
 
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. 2017-04-21 not yet calculated CVE-2016-1555
MISC
FULLDISC
CONFIRM
netiq -- access_manager
 
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. 2017-04-20 not yet calculated CVE-2017-5183
CONFIRM
netiq -- access_manager
 
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile. 2017-04-20 not yet calculated CVE-2017-5190
CONFIRM
novell -- novell_groupwise
Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow. 2017-04-20 not yet calculated CVE-2016-5762
MISC
FULLDISC
BUGTRAQ
BID
CONFIRM
MISC
novell -- novell_groupwise
 
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp. 2017-04-20 not yet calculated CVE-2016-5760
MISC
FULLDISC
BUGTRAQ
BID
CONFIRM
MISC
novell -- novell_groupwise
 
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. 2017-04-20 not yet calculated CVE-2016-5761
MISC
FULLDISC
BUGTRAQ
BID
CONFIRM
MISC
openmrs -- openmrs
 
The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp. 2017-04-20 not yet calculated CVE-2017-7990
MISC
MISC
openstack -- manila
 
Cross-site scripting (XSS) vulnerability in the "Shares" overview in OpenStack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. 2017-04-21 not yet calculated CVE-2016-6519
REDHAT
REDHAT
REDHAT
MLIST
BID
CONFIRM
CONFIRM
opentext -- documentum
 
OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4532. 2017-04-20 not yet calculated CVE-2017-7220
MISC
MISC
MISC
opera -- opera_web_browser
 
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. 2017-04-20 not yet calculated CVE-2016-4075
MISC
ossec -- ossec_web_user_interface
 
Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. 2017-04-20 not yet calculated CVE-2016-4847
JVN
JVNDB
BID
CONFIRM
ovirt -- ovirt_engine
 
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files. 2017-04-20 not yet calculated CVE-2016-6341
BID
CONFIRM
CONFIRM
CONFIRM
palo_alto_networks -- pan_os
 
Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. 2017-04-20 not yet calculated CVE-2017-7409
CONFIRM
pcs_software -- pcs
 
Session fixation vulnerability in pcsd in pcs before 0.9.157. 2017-04-21 not yet calculated CVE-2016-0721
FEDORA
FEDORA
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
pcs_software -- pcs
 
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. 2017-04-21 not yet calculated CVE-2016-0720
FEDORA
FEDORA
REDHAT
CONFIRM
CONFIRM
photopt -- photopt_app
 
Photopt for Android before 2.0.1 does not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-1198
JVN
JVNDB
CONFIRM
php -- php
 
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. 2017-04-21 not yet calculated CVE-2016-5399
MISC
CONFIRM
CONFIRM
FULLDISC
MLIST
BUGTRAQ
BID
SECTRACK
CONFIRM
CONFIRM
EXPLOIT-DB
phusionpassenger -- phusionpassenger
 
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. 2017-04-18 not yet calculated CVE-2016-10345
CONFIRM
CONFIRM
podpfo -- podpfo
PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp). 2017-04-22 not yet calculated CVE-2017-8053
MISC
MISC
podpfo -- podpfo
 
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. 2017-04-21 not yet calculated CVE-2017-7994
MISC
MISC
podpfo -- podpfo
 
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document. 2017-04-22 not yet calculated CVE-2017-8054
MISC
qemu -- qemu
 
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. 2017-04-20 not yet calculated CVE-2017-7718
CONFIRM
MLIST
CONFIRM
quest_software -- privilege_manager
 
pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action. 2017-04-14 not yet calculated CVE-2017-6554
MISC
BID
EXPLOIT-DB
quickheal -- quickheal
 
The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service. 2017-04-20 not yet calculated CVE-2015-8285
EXPLOIT-DB
red_hat -- cloudforms_management_engine
 
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. 2017-04-21 not yet calculated CVE-2016-3702
CONFIRM
red_hat -- enterprise_virtualization_manager
 
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries. 2017-04-20 not yet calculated CVE-2016-6338
BID
CONFIRM
red_hat -- jboss_brms
 
Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page. 2017-04-20 not yet calculated CVE-2016-5401
CONFIRM
red_hat -- openshift_enterprise_2
 
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. 2017-04-20 not yet calculated CVE-2016-5409
CONFIRM
red_hat -- quickstart_cloud_installer
 
The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask password fields, which allows physically proximate attackers to obtain sensitive password information by reading the display. 2017-04-14 not yet calculated CVE-2016-7060
BID
REDHAT
CONFIRM
resteasy -- resteasy
 
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-20 not yet calculated CVE-2016-6347
BID
CONFIRM
ruby -- ruby
 
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack. 2017-04-19 not yet calculated CVE-2013-7463
MISC
samsung -- android
 
Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290. 2017-04-19 not yet calculated CVE-2017-7978
CONFIRM
sandstorm -- cap'n_proto
 
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message. 2017-04-17 not yet calculated CVE-2017-7892
CONFIRM
schneider_electric -- wonderware_intouch_access_anywhere
 
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly. 2017-04-20 not yet calculated CVE-2017-5160
MISC
BID
MISC
schneider_electric -- wonderware_intouch_access_anywhere
 
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified. 2017-04-20 not yet calculated CVE-2017-5158
MISC
BID
MISC
schneider_electric -- wonderware_intouch_access_anywhere
 
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user. 2017-04-20 not yet calculated CVE-2017-5156
MISC
BID
MISC
securebrain -- phishwall_client
 
Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2. 2017-04-21 not yet calculated CVE-2016-4846
JVN
JVNDB
CONFIRM
BID
shopware -- shopware
 
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code. 2017-04-21 not yet calculated CVE-2016-3109
MISC
BUGTRAQ
CONFIRM
skia -- skia
 
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. 2017-04-21 not yet calculated CVE-2016-5168
CONFIRM
CONFIRM
MISC
sourcebans-pp -- sourcebans-pp
 
sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter. 2017-04-17 not yet calculated CVE-2017-7891
BID
MISC
spring_amqp -- spring_amqp
 
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. 2017-04-21 not yet calculated CVE-2016-2173
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
squirrelmail -- squirrelmail
 
SquirrelMail 1.4.22 allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting. 2017-04-20 not yet calculated CVE-2017-7692
MISC
MISC
sushiro -- sushiro_app
 
Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-4830
JVN
JVNDB
BID
tenable -- appliance

 
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands. 2017-04-21 not yet calculated CVE-2017-8051
CONFIRM
MISC
EXPLOIT-DB
tenable -- appliance
 
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. 2017-04-21 not yet calculated CVE-2017-8050
CONFIRM
MISC
tenable -- nessus
 
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. 2017-04-19 not yet calculated CVE-2017-7850
CONFIRM
tenable -- nessus
 
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. 2017-04-19 not yet calculated CVE-2017-7849
CONFIRM
tokyo_star_bank -- tokyo_star_bank_app
 
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. 2017-04-21 not yet calculated CVE-2016-1184
JVN
JVNDB
CONFIRM
toshiba -- coordinate_plus_app
 
Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-4840
JVN
JVNDB
BID
trend_micro -- interscan_messaging_security_virtual_appliance
 
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. 2017-04-18 not yet calculated CVE-2017-7896
BID
CONFIRM
twigmo -- twigmo_for_cs-cart
 
Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. 2017-04-20 not yet calculated CVE-2016-4862
JVN
JVNDB
CONFIRM
BID
unitrends -- enterprise_backup
 
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php. 2017-04-19 not yet calculated CVE-2017-7283
MISC
MISC
unitrends -- enterprise_backup
 
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI). 2017-04-19 not yet calculated CVE-2017-7282
MISC
MISC
unrtf -- unrtf
 
Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function. 2017-04-21 not yet calculated CVE-2016-10091
CONFIRM
MLIST
MLIST
BID
CONFIRM
watchguard -- fireware
 
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new authenticated sessions until the process has recovered. The Firebox may also experience an overall degradation in performance while the wgagent process recovers. An attacker could continuously send XML-RPC requests that contain references to external entities to perform a limited Denial of Service (DoS) attack against an affected Firebox. 2017-04-22 not yet calculated CVE-2017-8056
MISC
MISC
MISC
MISC
watchguard -- fireware
 
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox. 2017-04-22 not yet calculated CVE-2017-8055
MISC
MISC
MISC
MISC
wondercms -- wondercms
 
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. 2017-04-20 not yet calculated CVE-2017-7951
CONFIRM
CONFIRM
zyxel -- wre6505
 
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process. 2017-04-19 not yet calculated CVE-2017-7964
MISC

 

** Source: [US-CERT: Bulletin(SB17-114)] Security vulnerabilities announced through April 17, 2017