U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB17-107)

Vulnerability Summary for the Week of April 10, 2017

Original release date: April 17, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
amazon -- fire_osStack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.2017-04-0910.0CVE-2015-7292
MISC
atlassian -- jiraThe JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.2017-04-107.5CVE-2017-5983
MISC
BID
CONFIRM
CONFIRM
CERT-VN
axis -- axis_communications_firmwareAXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."2017-04-097.8CVE-2015-8258
EXPLOIT-DB
botan_project -- botanbotan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.2017-04-107.8CVE-2015-7825
CONFIRM
CONFIRM
botan_project -- botanbotan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.2017-04-107.5CVE-2015-7826
CONFIRM
CONFIRM
botan_project -- botanThe Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.2017-04-107.5CVE-2016-6878
CONFIRM
cisco -- aironet_access_pointA vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1).2017-04-077.2CVE-2016-9196
BID
CONFIRM
cisco -- firepower_extensible_operating_systemA vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115).2017-04-077.2CVE-2017-6597
BID
CONFIRM
cisco -- firepower_extensible_operating_systemA vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69).2017-04-077.2CVE-2017-6598
BID
CONFIRM
cisco -- firepower_extensible_operating_systemA vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136.2017-04-077.2CVE-2017-6600
BID
CONFIRM
cisco -- firepower_management_centerA vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1.2017-04-077.1CVE-2017-3885
BID
CONFIRM
cisco -- mobility_services_engineA vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).2017-04-077.2CVE-2016-9197
BID
CONFIRM
cloudviewnms -- cloudview_nmsCloudView NMS before 2.10a has a format string issue exploitable over SNMP.2017-04-097.5CVE-2016-5074
MISC
dataprobe -- ibootbar_firmwareDataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.2017-04-077.5CVE-2007-6759
MISC
dataprobe -- ibootbar_firmwareDataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.2017-04-077.5CVE-2007-6760
MISC
dell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.2017-04-097.5CVE-2015-7271
MISC
BID
dell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input.2017-04-097.5CVE-2015-7272
MISC
BID
dell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.2017-04-097.5CVE-2015-7273
MISC
gnu -- binutilselflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.2017-04-097.5CVE-2017-7614
MISC
google -- androidA remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588.2017-04-079.3CVE-2017-0538
BID
CONFIRM
CONFIRM
google -- androidA remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300.2017-04-079.3CVE-2017-0539
BID
CONFIRM
CONFIRM
google -- androidA remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031.2017-04-079.3CVE-2017-0540
BID
CONFIRM
CONFIRM
google -- androidA remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018.2017-04-079.3CVE-2017-0541
BID
CONFIRM
CONFIRM
google -- androidA remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721.2017-04-079.3CVE-2017-0542
BID
CONFIRM
CONFIRM
google -- androidA remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866.2017-04-079.3CVE-2017-0543
BID
CONFIRM
CONFIRM
google -- androidAn elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879.2017-04-079.3CVE-2017-0544
BID
CONFIRM
google -- androidAn elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350.2017-04-079.3CVE-2017-0545
BID
CONFIRM
google -- androidAn elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763.2017-04-079.3CVE-2017-0546
BID
CONFIRM
google -- androidA remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605.2017-04-077.1CVE-2017-0548
BID
CONFIRM
google -- androidA remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818508.2017-04-077.1CVE-2017-0549
BID
CONFIRM
CONFIRM
google -- androidA remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140.2017-04-077.1CVE-2017-0550
BID
CONFIRM
CONFIRM
google -- androidA remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097231.2017-04-077.1CVE-2017-0551
BID
CONFIRM
CONFIRM
CONFIRM
google -- androidA remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915.2017-04-077.1CVE-2017-0552
BID
CONFIRM
CONFIRM
google -- androidAn elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065.2017-04-077.6CVE-2017-0553
BID
CONFIRM
google -- androidAn elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202425. References: M-ALPS02898189.2017-04-079.3CVE-2017-0562
BID
CONFIRM
google -- androidAn elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175904. References: M-ALPS02696516.2017-04-077.6CVE-2017-0565
BID
CONFIRM
google -- androidAn elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367.2017-04-077.6CVE-2017-0566
BID
CONFIRM
google -- androidAn elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406.2017-04-077.6CVE-2017-0578
BID
CONFIRM
gynoii -- gcw-1010Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.2017-04-0910.0CVE-2015-2881
MISC
ibaby -- m3s_baby_monitor_firmwareiBaby M3S has a password of admin for the backdoor admin account.2017-04-0910.0CVE-2015-2887
MISC
lens_laboratories -- peek-a-view_firmwareLens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.2017-04-0910.0CVE-2015-2885
MISC
linux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067.2017-04-077.6CVE-2017-0454
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.2017-04-077.6CVE-2017-0462
CONFIRM
linux -- linux_kernelA remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.2017-04-0710.0CVE-2017-0561
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409.2017-04-079.3CVE-2017-0563
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203.2017-04-079.3CVE-2017-0564
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575.2017-04-077.6CVE-2017-0567
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600.2017-04-077.6CVE-2017-0568
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666.2017-04-077.6CVE-2017-0569
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199963. References: B-RB#110688.2017-04-077.6CVE-2017-0570
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34203305. References: B-RB#111541.2017-04-077.6CVE-2017-0571
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34198931. References: B-RB#112597.2017-04-077.6CVE-2017-0572
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34469904. References: B-RB#91539.2017-04-077.6CVE-2017-0573
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34624457. References: B-RB#113189.2017-04-077.6CVE-2017-0574
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099.2017-04-077.6CVE-2017-0575
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089.2017-04-077.6CVE-2017-0576
BID
MISC
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951.2017-04-077.6CVE-2017-0577
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406.2017-04-077.6CVE-2017-0579
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986.2017-04-077.6CVE-2017-0580
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485.2017-04-077.6CVE-2017-0581
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836.2017-04-077.6CVE-2017-0582
BID
CONFIRM
linux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32068683. References: QC-CR#1103788.2017-04-077.6CVE-2017-0583
BID
CONFIRM
linux -- linux_kernelcrypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.2017-04-107.8CVE-2017-7618
MISC
BID
news_system_project -- news_systemSQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.2017-04-077.5CVE-2017-7581
MISC
ninka_project -- ninkaNinka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename.2017-04-107.5CVE-2017-7239
MLIST
BID
CONFIRM
osram -- lightify_homeOSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.2017-04-097.5CVE-2016-5053
MISC
philips -- in.sight_b120\37Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.2017-04-0910.0CVE-2015-2882
MISC
proxygen_project -- proxygenThe SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.2017-04-097.5CVE-2015-7264
MISC
schneider-electric -- conext_combox_865-1058_firmwareAn issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.2017-04-077.8CVE-2017-6019
CONFIRM
BID
MISC
sierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.2017-04-097.5CVE-2016-5065
MISC
sierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.2017-04-0910.0CVE-2016-5066
MISC
sierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.2017-04-099.0CVE-2016-5067
MISC
sierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.2017-04-097.5CVE-2016-5068
MISC
sierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.2017-04-097.5CVE-2016-5069
MISC
sierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.2017-04-0910.0CVE-2016-5071
MISC
sophos -- cyberoam_cr25ing_utm_firmwareSophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.2017-04-079.0CVE-2016-7786
MISC
summer_infant -- baby_zoom_wifi_monitor_firmwareSummer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.2017-04-097.5CVE-2015-2888
MISC
trendnet -- tv-ip743sicTRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.2017-04-099.0CVE-2015-2880
MISC
vertivco -- liebert_multilink_automated_shutdownLiebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.2017-04-097.2CVE-2015-7260
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- igniteApache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.2017-04-074.3CVE-2016-6805
CONFIRM
BID
atlassian -- bitbucketAtlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.2017-04-094.0CVE-2016-4320
BID
MISC
atlassian -- jiraAtlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.2017-04-096.8CVE-2016-4319
BID
MISC
axis -- axis_communications_firmwareAXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.2017-04-096.8CVE-2015-8255
EXPLOIT-DB
botan_project -- botanbotan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.2017-04-105.0CVE-2015-7824
CONFIRM
CONFIRM
botan_project -- botanThe X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.2017-04-105.0CVE-2016-6879
CONFIRM
castle_rock_computing -- snmpcCastle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP.2017-04-094.3CVE-2015-6027
MISC
castle_rock_computing -- snmpcCastle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.2017-04-096.5CVE-2015-6028
MISC
cesanta -- mongoose_osUse-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.2017-04-105.0CVE-2017-7185
BUGTRAQ
BID
CONFIRM
CONFIRM
MISC
cisco -- asr_900_series_firmwareA vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP.2017-04-076.1CVE-2017-6603
BID
CONFIRM
cisco -- firepower_threat_defenseA vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2.2017-04-074.3CVE-2017-3887
BID
CONFIRM
cisco -- ios_xeA vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E.2017-04-076.9CVE-2017-6606
BID
CONFIRM
cisco -- ios_xrA vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco IOS XR Software with gRPC enabled. More Information: CSCvb14433. Known Affected Releases: 6.1.1.BASE 6.2.1.BASE. Known Fixed Releases: 6.2.1.22i.MGBL 6.1.22.9i.MGBL 6.1.21.12i.MGBL 6.1.2.13i.MGBL.2017-04-075.0CVE-2017-6599
BID
CONFIRM
cisco -- prime_infrastructureA vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0).2017-04-074.3CVE-2017-3848
BID
CONFIRM
cisco -- prime_infrastructureA vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).2017-04-074.0CVE-2017-3884
BID
CONFIRM
cisco -- registered_envelope_serviceA vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015.2017-04-075.8CVE-2017-3889
BID
CONFIRM
cisco -- unified_communications_managerA vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).2017-04-074.0CVE-2017-3886
BID
CONFIRM
cisco -- unified_computing_systemA vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B.2017-04-075.8CVE-2017-6604
BID
CONFIRM
cisco -- unified_computing_system_directorA vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.5(0.1) 6.0(0.0).2017-04-074.0CVE-2017-3817
BID
CONFIRM
cisco -- wireless_lan_controllerA vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3).2017-04-075.0CVE-2016-9195
BID
CONFIRM
cloudera -- cdhImpala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.2017-04-105.0CVE-2016-6605
CONFIRM
cloudviewnms -- cloudview_nmsCloudView NMS before 2.10a has XSS via SNMP.2017-04-094.3CVE-2016-5073
MISC
cloudviewnms -- cloudview_nmsCloudView NMS before 2.10a has XSS via a TELNET login.2017-04-094.3CVE-2016-5075
MISC
cloudviewnms -- cloudview_nmsCloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def.2017-04-095.0CVE-2016-5076
MISC
dell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.2017-04-094.6CVE-2015-7270
MISC
BID
dell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.2017-04-096.5CVE-2015-7274
MISC
BID
BID
dell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.2017-04-094.3CVE-2015-7275
MISC
BID
dlink -- dwr-116_firmwareDirectory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.2017-04-105.0CVE-2017-6190
BID
MISC
elfutils_project -- elfutilsThe handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3CVE-2017-7607
MISC
elfutils_project -- elfutilsThe ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3CVE-2017-7608
MISC
elfutils_project -- elfutilself_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.2017-04-094.3CVE-2017-7609
MISC
elfutils_project -- elfutilsThe check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3CVE-2017-7610
MISC
elfutils_project -- elfutilsThe check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3CVE-2017-7611
MISC
elfutils_project -- elfutilsThe check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3CVE-2017-7612
MISC
elfutils_project -- elfutilselflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.2017-04-094.3CVE-2017-7613
MISC
eparaksts -- eparakstitajs_3LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files.2017-04-094.3CVE-2015-8275
MISC
eparaksts -- eparakstitajs_3LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files.2017-04-094.3CVE-2015-8276
MISC
foxitsoftware -- foxit_pdf_toolkitMemory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.2017-04-076.8CVE-2017-7584
BID
CONFIRM
google -- androidAn information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560.2017-04-074.3CVE-2017-0547
BID
CONFIRM
CONFIRM
google -- androidAn elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946.2017-04-076.8CVE-2017-0554
BID
CONFIRM
google -- androidAn information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775.2017-04-074.3CVE-2017-0555
BID
CONFIRM
CONFIRM
google -- androidAn information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952.2017-04-074.3CVE-2017-0556
BID
CONFIRM
CONFIRM
google -- androidAn information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073.2017-04-074.3CVE-2017-0557
BID
CONFIRM
CONFIRM
google -- androidAn information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274.2017-04-074.3CVE-2017-0558
BID
CONFIRM
CONFIRM
google -- androidAn information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722.2017-04-074.3CVE-2017-0559
BID
CONFIRM
google -- androidAn information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079.2017-04-074.3CVE-2017-0560
BID
CONFIRM
ibaby -- m6_baby_monitor_firmwareiBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service.2017-04-095.0CVE-2015-2886
MISC
ilias_project -- iliasILIAS before 5.2.3 has XSS via SVG documents.2017-04-074.3CVE-2017-7583
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagickcoders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-094.3CVE-2017-7606
MISC
imagemagick -- imagemagickIn ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.2017-04-105.0CVE-2017-7619
CONFIRM
imageworsener_project -- imageworsenerThe iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.2017-04-104.3CVE-2017-7623
BID
CONFIRM
imageworsener_project -- imageworsenerThe iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.2017-04-104.3CVE-2017-7624
BID
CONFIRM
jive_software -- jiveJive before 2016.3.1 has an open redirect from the external-link.jspa page.2017-04-095.8CVE-2016-4334
MISC
keepassx_project -- keepassxIn KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.2017-04-105.0CVE-2015-8378
CONFIRM
CONFIRM
libaacplus_project -- libaacplusau_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.2017-04-096.8CVE-2017-7603
MISC
libaacplus_project -- libaacplusau_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.2017-04-096.8CVE-2017-7604
MISC
libaacplus_project -- libaacplusaacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.2017-04-096.8CVE-2017-7605
MISC
libming -- libmingMultiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831.2017-04-076.8CVE-2017-7578
CONFIRM
libsndfile_project -- libsndfileIn libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.2017-04-074.3CVE-2017-7585
CONFIRM
CONFIRM
CONFIRM
MISC
libsndfile_project -- libsndfileIn libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.2017-04-074.3CVE-2017-7586
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
libtiff -- libtiffThe putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7592
MISC
BID
libtiff -- libtifftif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.2017-04-094.3CVE-2017-7593
MISC
BID
libtiff -- libtiffThe OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.2017-04-094.3CVE-2017-7594
MISC
BID
libtiff -- libtiffThe JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.2017-04-094.3CVE-2017-7595
MISC
libtiff -- libtiffLibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7596
BID
MISC
libtiff -- libtifftif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7597
BID
MISC
libtiff -- libtifftif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.2017-04-094.3CVE-2017-7598
BID
MISC
libtiff -- libtiffLibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7599
BID
BID
MISC
libtiff -- libtiffLibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7600
MISC
libtiff -- libtiffLibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7601
BID
MISC
libtiff -- libtiffLibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7602
BID
MISC
netapp -- clustered_data_ontapNetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.2017-04-105.0CVE-2017-5988
CONFIRM
netikus -- eventsentryNetikus EventSentry before 3.2.1.44 has XSS via SNMP.2017-04-094.3CVE-2016-5077
MISC
opencv -- opencvOpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.2017-04-096.8CVE-2016-1516
MISC
MISC
opencv -- opencvOpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.2017-04-094.3CVE-2016-1517
MISC
MISC
openidm_project -- openidmIn OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js.2017-04-084.0CVE-2017-7589
MISC
CONFIRM
openidm_project -- openidmOpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.2017-04-084.3CVE-2017-7590
MISC
CONFIRM
openidm_project -- openidmOpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/.2017-04-084.3CVE-2017-7591
MISC
CONFIRM
opmantek -- network_management_information_systemOpmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.2017-04-096.0CVE-2016-6534
MISC
opsview -- opsviewOpsview before 2015-11-06 has XSS via SNMP.2017-04-094.3CVE-2015-6035
MISC
osram -- lightify_homeOSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application.2017-04-095.0CVE-2016-5051
MISC
osram -- lightify_homeOSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning.2017-04-095.0CVE-2016-5052
MISC
osram -- lightify_homeOSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay.2017-04-095.0CVE-2016-5054
MISC
osram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page.2017-04-094.3CVE-2016-5055
MISC
osram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.2017-04-095.0CVE-2016-5056
MISC
osram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.2017-04-095.0CVE-2016-5057
MISC
osram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.2017-04-095.0CVE-2016-5058
MISC
osram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application.2017-04-094.0CVE-2016-5059
MISC
oxidforge -- oxid_eshopOXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.2017-04-096.5CVE-2016-5072
MISC
paessler -- prtgPaessler PRTG before 16.2.24.4045 has XSS via SNMP.2017-04-094.3CVE-2016-5078
MISC
philips -- in.sight_b120\37Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi.2017-04-095.0CVE-2015-2884
MISC
phpmyfaq -- phpmyfaqinc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.2017-04-074.3CVE-2017-7579
CONFIRM
CONFIRM
pivotx -- pivotxPivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.2017-04-076.5CVE-2017-7570
MISC
proxygen_project -- proxygenThe SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.2017-04-095.0CVE-2015-7263
MISC
proxygen_project -- proxygenFacebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.2017-04-095.0CVE-2015-7265
MISC
sap -- netweaverThe SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788.2017-04-104.0CVE-2016-10304
MISC
sap -- sql_anywhereBuffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778.2017-04-104.0CVE-2016-10310
BID
MISC
schneider-electric -- interactive_graphical_scada_systemA DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path.2017-04-076.8CVE-2017-6033
CONFIRM
BID
MISC
sierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.2017-04-095.0CVE-2016-5070
MISC
spiceworks -- desktopSpiceworks Desktop before 2015-12-01 has XSS via an SNMP response.2017-04-094.3CVE-2015-6021
MISC
summer_infant -- baby_zoom_wifi_monitor_firmwareSummer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL.2017-04-096.5CVE-2015-2889
MISC
swagger_project -- swagger-uiSwagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.2017-04-094.3CVE-2016-5682
MISC
visioncritical -- vision_criticalVision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files.2017-04-095.0CVE-2014-2960
MISC
web2py -- web2pyweb2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.2017-04-105.0CVE-2016-10321
CONFIRM
CONFIRM
xiongmai_technologies -- uc-httpdXiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.2017-04-075.0CVE-2017-7577
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apple -- apple_musicThe Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-072.9CVE-2017-2387
MISC
BID
CONFIRM
atlassian -- confluenceAtlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.2017-04-093.5CVE-2016-4317
BID
MISC
atlassian -- jiraAtlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.2017-04-093.5CVE-2016-4318
BID
MISC
cisco -- firepower_extensible_operating_systemA vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1647).2017-04-073.6CVE-2017-6601
BID
CONFIRM
cisco -- firepower_extensible_operating_systemA vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138).2017-04-073.6CVE-2017-6602
BID
CONFIRM
cisco -- unified_communications_managerA vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).2017-04-073.5CVE-2017-3888
BID
CONFIRM
linux -- linux_kernelAn information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731.2017-04-072.6CVE-2017-0584
BID
CONFIRM
linux -- linux_kernelAn information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953.2017-04-072.6CVE-2017-0585
BID
CONFIRM
linux -- linux_kernelAn information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569.2017-04-072.6CVE-2017-0586
BID
CONFIRM
linux -- linux_kernelIncorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.2017-04-102.1CVE-2017-7616
CONFIRM
BID
CONFIRM
opmantek -- network_management_information_systemOpmantek NMIS before 8.5.12G has XSS via SNMP.2017-04-093.5CVE-2016-5642
MISC
philips -- in.sight_b120\37Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php.2017-04-093.5CVE-2015-2883
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- acrobat_flash_playerAdobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3058
BID
CONFIRM
adobe -- acrobat_flash_playerAdobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3063
BID
CONFIRM
adobe -- acrobat_flash_player
 
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3062
BID
CONFIRM
adobe -- acrobat_flash_player
 
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3060
BID
CONFIRM
adobe -- acrobat_flash_player
 
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3061
BID
CONFIRM
adobe -- acrobat_flash_player
 
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3059
BID
CONFIRM
adobe -- acrobat_flash_player
 
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3064
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 code-stream tile functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3023
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) format parser. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3019
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin.2017-04-12not yet calculatedCVE-2017-3012
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when manipulating PDF annotations. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3024
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the renderer functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3018
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3026
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of JPEG files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3051
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging.2017-04-12not yet calculatedCVE-2017-3013
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the weblink module.2017-04-12not yet calculatedCVE-2017-3020
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine.2017-04-12not yet calculatedCVE-2017-3021
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file.2017-04-12not yet calculatedCVE-2017-3022
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the CCITT fax PDF filter. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3011
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3057
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the AES module. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3030
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal scan line representation in TIFF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3048
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.2017-04-12not yet calculatedCVE-2017-3032
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture (XFA) related to reset form functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3014
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string manipulation. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3056
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image scaling. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3044
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to manipulation of EMF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3054
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 parsing functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3015
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3017
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of GIF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3050
BID
CONFIRM
adobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3025
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3027
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion module, related to processing of TIFF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3028
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream.2017-04-12not yet calculatedCVE-2017-3029
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data.2017-04-12not yet calculatedCVE-2017-3033
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine.2017-04-12not yet calculatedCVE-2017-3031
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3035
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) stream data. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3038
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the font manipulation functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3065
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX (picture exchange) file format. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3036
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3037
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3034
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the PPKLite security handler. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3039
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3041
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in image conversion, related to parsing offsets in TIFF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3042
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 image compression module. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3040
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to the palette box.2017-04-12not yet calculatedCVE-2017-3045
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to contiguous code-stream parsing.2017-04-12not yet calculatedCVE-2017-3046
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality.2017-04-12not yet calculatedCVE-2017-3043
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal tile manipulation in TIFF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3049
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of EMF - enhanced meta file format.2017-04-12not yet calculatedCVE-2017-3052
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of the APP13 segment in JPEG files.2017-04-12not yet calculatedCVE-2017-3053
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine's annotation-related API. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3047
BID
CONFIRM
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in JPEG 2000 parsing of the fragment list tag. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3055
BID
CONFIRM
adobe -- campaignAdobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database.2017-04-12not yet calculatedCVE-2017-2989
BID
CONFIRM
adobe -- photoshop_ccAdobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have a memory corruption vulnerability when parsing malicious PCX files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3004
BID
CONFIRM
adobe -- photoshop_cc
 
Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability.2017-04-12not yet calculatedCVE-2017-3005
BID
CONFIRM
adobe -- thorAdobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.2017-04-12not yet calculatedCVE-2017-3006
BID
CONFIRM
adobe -- thorAdobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications.2017-04-12not yet calculatedCVE-2017-3007
BID
CONFIRM
apache -- tomcatBuffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.2017-04-12not yet calculatedCVE-2016-6808
MISC
REDHAT
FULLDISC
CONFIRM
MLIST
BID
SECTRACK
REDHAT
REDHAT
apache -- tomee
 
The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.2017-04-11not yet calculatedCVE-2016-0779
MISC
MLIST
CONFIRM
BUGTRAQ
BID
MISC
apple -- ios_shoplat_applicationShoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.2017-04-13not yet calculatedCVE-2016-1132
JVN
JVNDB
apple -- mac_os_x
 
Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges.2017-04-13not yet calculatedCVE-2010-1821
APPLE
apple -- mac_os_x
 
Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image.2017-04-13not yet calculatedCVE-2010-1816
APPLE
appleple -- a-blog_cmsCross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.2017-04-12not yet calculatedCVE-2016-1179
JVN
JVNDB
CONFIRM
appleple -- a-blog_cmsThe session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.2017-04-12not yet calculatedCVE-2016-1178
JVN
JVNDB
CONFIRM
asterisk -- asterisk
 
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.2017-04-10not yet calculatedCVE-2017-7617
CONFIRM
BID
CONFIRM
atutor -- atutorSQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.2017-04-13not yet calculatedCVE-2016-2555
MISC
MISC
CONFIRM
CONFIRM
auromeera -- emli
 
Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/home.php. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0.2017-04-11not yet calculatedCVE-2017-7621
MISC
bigtree_cms -- bigtree_cms
 
Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.2017-04-11not yet calculatedCVE-2017-7695
MISC
MISC
MISC
bigtree_cms -- bigtree_cms
 
BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14.2017-04-15not yet calculatedCVE-2017-7881
MISC
MISC
bitrix -- bitrix
 
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php.2017-04-14not yet calculatedCVE-2015-8356
MISC
BUGTRAQ
MISC
blackberry -- blackberry_enterprise_serverMultiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp.2017-04-13not yet calculatedCVE-2016-1915
FULLDISC
MISC
CONFIRM
blackberry -- blackberry_enterprise_serverMultiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.2017-04-13not yet calculatedCVE-2016-1914
FULLDISC
MISC
CONFIRM
blue_coat -- sslv
 
Blue Coat SSL Visibility (SSLV) 3.x before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connection pool of an SSL server.2017-04-11not yet calculatedCVE-2016-10259
BID
CONFIRM
brother -- multiple_devices
 
On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W.2017-04-12not yet calculatedCVE-2017-7588
MISC
candlepin_project -- candlepinThe Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.2017-04-14not yet calculatedCVE-2016-4455
REDHAT
REDHAT
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
citrix -- netscaler_gateway
 
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.2017-04-13not yet calculatedCVE-2017-7219
BID
CONFIRM
concrete5 -- concrete5
 
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector.2017-04-13not yet calculatedCVE-2017-7725
MISC
MISC
MISC
dde -- dde
 
dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon.2017-04-10not yet calculatedCVE-2017-7622
MISC
debian -- inspircd
 
Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.2017-04-13not yet calculatedCVE-2015-6674
DEBIAN
CONFIRM
GENTOO
eclipse -- jettyThe path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.2017-04-13not yet calculatedCVE-2016-4800
MLIST
MISC
BID
MISC
ember.js -- ember.js
 
Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.2017-04-13not yet calculatedCVE-2015-7565
CONFIRM
CONFIRM
eyesofnetwork -- eyesofnetwork
 
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter in module/monitoring_ged/ged_functions.php or the (5) type parameter in monitoring_ged/ajax.php.2017-04-11not yet calculatedCVE-2017-6088
MLIST
BID
f5 -- big-ip_apmThe TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.2017-04-11not yet calculatedCVE-2016-7467
BID
CONFIRM
feh -- feh
 
In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.2017-04-14not yet calculatedCVE-2017-7875
CONFIRM
CONFIRM
ffmpeg -- ffmpeg
 
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.2017-04-14not yet calculatedCVE-2017-7863
MISC
MISC
ffmpeg -- ffmpeg
 
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.2017-04-14not yet calculatedCVE-2017-7866
MISC
MISC
ffmpeg -- ffmpeg
 
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.2017-04-14not yet calculatedCVE-2017-7865
MISC
MISC
ffmpeg -- ffmpeg
 
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.2017-04-14not yet calculatedCVE-2017-7862
MISC
MISC
ffmpeg -- ffmpeg
 
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.2017-04-14not yet calculatedCVE-2017-7859
MISC
firejail -- firejail
 
Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10121
MLIST
MLIST
firejail -- firejail
 
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10123
MLIST
MLIST
firejail -- firejail
 
Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /.2017-04-13not yet calculatedCVE-2016-10118
MLIST
MLIST
firejail -- firejail
 
Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10120
MLIST
MLIST
firejail -- firejail
 
Firejail does not properly clean environment variables, which allows local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10122
MLIST
MLIST
firejail -- firejail
 
Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc.2017-04-13not yet calculatedCVE-2016-10117
MLIST
MLIST
firejail -- firejail
 
Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10119
MLIST
MLIST
fiyo_cms -- fiyo_cms
 
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.2017-04-10not yet calculatedCVE-2017-7625
BID
MISC
flatcore -- flatcore_cms
 
CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.2017-04-14not yet calculatedCVE-2017-7877
CONFIRM
flatcore -- flatcore_cms
 
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.2017-04-14not yet calculatedCVE-2017-7879
CONFIRM
flatcore -- flatcore_cms
 
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.2017-04-14not yet calculatedCVE-2017-7878
CONFIRM
fortimail -- fortimail
 
An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker.2017-04-12not yet calculatedCVE-2017-3125
CONFIRM
BID
foscam -- foscam_networked_devices
 
Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.2017-04-10not yet calculatedCVE-2017-7648
MISC
freetype -- freetype_2
 
FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.2017-04-14not yet calculatedCVE-2017-7858
MISC
MISC
freetype -- freetype_2
 
FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.2017-04-14not yet calculatedCVE-2017-7857
MISC
MISC
freetype -- freetype_2
 
FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.2017-04-14not yet calculatedCVE-2017-7864
MISC
MISC
freetype_project -- freetype_2FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.2017-04-14not yet calculatedCVE-2016-10328
MISC
MISC
MISC
game-music-emu -- game-music-emugame-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.2017-04-12not yet calculatedCVE-2016-9958
SUSE
SUSE
MLIST
BID
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
MISC
game-music-emu -- game-music-emuStack-based buffer overflow in game-music-emu before 0.6.1.2017-04-12not yet calculatedCVE-2016-9957
SUSE
SUSE
MLIST
BID
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
MISC
game-music-emu -- game-music-emugame-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.2017-04-12not yet calculatedCVE-2016-9959
SUSE
SUSE
MLIST
BID
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
MISC
ghostscript -- ghostscript
 
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.2017-04-14not yet calculatedCVE-2016-8602
CONFIRM
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
gnu -- a2ps
 
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.2017-04-13not yet calculatedCVE-2015-8107
MLIST
BID
gnutls -- gnutls
 
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.2017-04-14not yet calculatedCVE-2017-7869
MISC
MISC
CONFIRM
google -- androidmediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.2017-04-13not yet calculatedCVE-2014-7921
CONFIRM
CONFIRM
google -- androidmediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.2017-04-13not yet calculatedCVE-2014-7920
CONFIRM
CONFIRM
google -- androidHTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.2017-04-13not yet calculatedCVE-2016-1155
MISC
JVN
google -- android_kernelDrivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.2017-04-12not yet calculatedCVE-2016-5856
SECTRACK
CONFIRM
CONFIRM
google -- chromeA use-after-free in AnimationController::endAnimationUpdate in Google Chrome.2017-04-11not yet calculatedCVE-2013-6647
CONFIRM
google -- chromeGoogle Chrome caches TLS sessions before certificate validation occurs.2017-04-13not yet calculatedCVE-2013-6662
CONFIRM
google -- grpcGoogle gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.2017-04-14not yet calculatedCVE-2017-7861
MISC
MISC
google -- grpcGoogle gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.2017-04-14not yet calculatedCVE-2017-7860
MISC
MISC
hipchat -- server
 
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.2017-04-14not yet calculatedCVE-2017-7357
BUGTRAQ
CONFIRM
CONFIRM
huawei -- p7
 
Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver.2017-04-13not yet calculatedCVE-2015-7740
CONFIRM
huawei -- p7
 
Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver.2017-04-13not yet calculatedCVE-2015-8223
CONFIRM
i-o_data -- rock_disk
 
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713.2017-04-13not yet calculatedCVE-2014-3887
CONFIRM
JVN
ibm -- financial_transition_managerIBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.2017-04-14not yet calculatedCVE-2017-1152
CONFIRM
ibm -- platform_lsfIBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741.2017-04-14not yet calculatedCVE-2017-1205
MISC
ibm -- tivoliIBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540.2017-04-14not yet calculatedCVE-2016-8927
CONFIRM
ibm -- tivoli
 
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539.2017-04-14not yet calculatedCVE-2016-8926
CONFIRM
ibm -- tivoli
 
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538.2017-04-14not yet calculatedCVE-2016-8925
CONFIRM
icu_project -- icu
 
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.2017-04-14not yet calculatedCVE-2017-7867
MISC
MISC
icu_project -- icu
 
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.2017-04-14not yet calculatedCVE-2017-7868
MISC
MISC
imagemagick -- imagemagick
 
coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.2017-04-11not yet calculatedCVE-2014-9837
MISC
MLIST
CONFIRM
imagemagick -- imagemagick
 
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).2017-04-11not yet calculatedCVE-2014-8716
MISC
BID
CONFIRM
imagemagick -- imagemagick
 
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.2017-04-11not yet calculatedCVE-2014-8354
MISC
BID
CONFIRM
MISC
imagemagick -- imagemagick
 
DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).2017-04-11not yet calculatedCVE-2014-8562
BID
CONFIRM
MISC
MISC
imagemagick -- imagemagick
 
PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).2017-04-11not yet calculatedCVE-2014-8355
MISC
BID
CONFIRM
MISC
inspircd -- inspircd
 
InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop).2017-04-13not yet calculatedCVE-2012-6697
DEBIAN
CONFIRM
CONFIRM
GENTOO
intellinet_network -- nfc-30ir_IP_camera
 
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.2017-04-11not yet calculatedCVE-2017-7461
EXPLOIT-DB
intellinet_network -- nfc-30ir_IP_camera
 
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.2017-04-11not yet calculatedCVE-2017-7462
EXPLOIT-DB
ivywe -- ivyweMultiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-14not yet calculatedCVE-2016-4875
JVN
JVNDB
BID
CONFIRM
CONFIRM
jackson-dataformat-xml -- jackson-dataformat-xmlXmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.2017-04-14not yet calculatedCVE-2016-7051
CONFIRM
joomla -- joomla
 
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).2017-04-12not yet calculatedCVE-2017-7628
MISC
MISC
MISC
joomla -- joomla
 
The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).2017-04-12not yet calculatedCVE-2017-7626
MISC
MISC
MISC
joomla -- joomla
 
The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).2017-04-12not yet calculatedCVE-2017-7627
MISC
MISC
kancolleviewer -- kancolleviewer
 
KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic.2017-04-13not yet calculatedCVE-2015-2947
CONFIRM
JVN
kony -- enterprise_mobile_management
 
Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request.2017-04-11not yet calculatedCVE-2017-5672
MISC
ktools.net -- photostoreSQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.2017-04-12not yet calculatedCVE-2016-4337
MISC
EXPLOIT-DB
lenovo_group -- lenovo_customer_care_software_development_ kit
 
Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.2017-04-10not yet calculatedCVE-2016-8235
BID
CONFIRM
lenovo_group -- lenovo_updates
 
Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.2017-04-10not yet calculatedCVE-2016-8237
BID
CONFIRM
libdwarf -- libdwarf
 
dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.2017-04-10not yet calculatedCVE-2016-5041
MLIST
MLIST
CONFIRM
libreoffice_project -- libreofficeLibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.2017-04-14not yet calculatedCVE-2016-10327
MISC
MISC
libreoffice_project -- libreoffice
 
LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.2017-04-14not yet calculatedCVE-2017-7856
MISC
MISC
libreoffice_project -- libreoffice
 
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.2017-04-15not yet calculatedCVE-2017-7882
MISC
MISC
libreoffice_project -- libreoffice
 
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.2017-04-14not yet calculatedCVE-2017-7870
MISC
MISC
libsamplerate -- libsamplerate
 
In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.2017-04-11not yet calculatedCVE-2017-7697
BID
CONFIRM
libsndfile -- libsndfile
 
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.2017-04-12not yet calculatedCVE-2017-7741
MISC
MISC
libsndfile -- libsndfile
 
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.2017-04-12not yet calculatedCVE-2017-7742
MISC
MISC
libtiff -- libtiffThe setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.2017-04-11not yet calculatedCVE-2016-5322
DEBIAN
MLIST
BID
BID
CONFIRM
GENTOO
libxml2 -- libxml2The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.2017-04-11not yet calculatedCVE-2016-4483
DEBIAN
MLIST
MLIST
MLIST
MLIST
CONFIRM
BID
CONFIRM
CONFIRM
linux -- linux_kernel
 
udevd in udev 232, when the Linux kernel 4.8.0 is used, does not properly verify the source of a Netlink message, which allows local users to execute arbitrary commands by leveraging access to the NETLINK_KOBJECT_UEVENT family, and the presence of the /lib/udev/rules.d/50-udev-default.rules file, to provide a crafted REMOVE_CMD value.2017-04-15not yet calculatedCVE-2017-7874
MISC
linux -- linux_kernel
 
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.2017-04-11not yet calculatedCVE-2016-5011
REDHAT
CONFIRM
CONFIRM
MLIST
BID
SECTRACK
CONFIRM
microsoft -- .net_frameworkMicrosoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."2017-04-12not yet calculatedCVE-2017-0160
BID
CONFIRM
microsoft -- edgeAn information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0208
BID
CONFIRM
microsoft -- edgeA remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0201.2017-04-12not yet calculatedCVE-2017-0093
BID
CONFIRM
microsoft -- edgeA remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0200
BID
CONFIRM
microsoft -- edgeA remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0205
BID
CONFIRM
microsoft -- edge
 
A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass Vulnerability."2017-04-12not yet calculatedCVE-2017-0203
BID
CONFIRM
microsoft -- excelMicrosoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0195
BID
CONFIRM
microsoft -- excelMicrosoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0194
BID
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0093.2017-04-12not yet calculatedCVE-2017-0201
BID
CONFIRM
microsoft -- internet_explorerAn elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0210
BID
CONFIRM
microsoft -- internet_explorer
 
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0202
BID
CONFIRM
microsoft -- officeMicrosoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."2017-04-12not yet calculatedCVE-2017-0199
BID
MISC
CONFIRM
MISC
microsoft -- onenote
 
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."2017-04-12not yet calculatedCVE-2017-0197
BID
CONFIRM
microsoft -- outlookMicrosoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0106
BID
CONFIRM
microsoft -- outlookMicrosoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."2017-04-12not yet calculatedCVE-2017-0204
BID
CONFIRM
microsoft -- outlook
 
Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability."2017-04-12not yet calculatedCVE-2017-0207
BID
CONFIRM
microsoft -- windowsThe Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Graphics Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0155
BID
CONFIRM
microsoft -- windowsA Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0058
BID
CONFIRM
microsoft -- windowsA denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability."2017-04-12not yet calculatedCVE-2017-0191
BID
CONFIRM
microsoft -- windowsAn information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. "Windows Kernel Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0167
BID
CONFIRM
microsoft -- windowsAn elevation of privilege vulnerability exists in Windows 10 when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0188.2017-04-12not yet calculatedCVE-2017-0189
BID
CONFIRM
microsoft -- windowsAn elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0156
BID
CONFIRM
microsoft -- windowsA Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0189.2017-04-12not yet calculatedCVE-2017-0188
BID
CONFIRM
microsoft -- windowsAn elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0158
BID
CONFIRM
microsoft -- windowsAn elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0211
BID
CONFIRM
microsoft -- windowsA denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."2017-04-12not yet calculatedCVE-2017-0164
BID
CONFIRM
microsoft -- windowsThe Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold , 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka "ATMFD.dll Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0192
BID
CONFIRM
microsoft -- windowsA security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."2017-04-12not yet calculatedCVE-2017-0159
BID
CONFIRM
microsoft -- windowsAn elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0166
BID
CONFIRM
microsoft -- windowsAn elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Windows Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0165
BID
CONFIRM
microsoft -- windows_hyper-vA denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0184
BID
CONFIRM
microsoft -- windows_hyper-vAn information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0168.2017-04-12not yet calculatedCVE-2017-0169
BID
CONFIRM
microsoft -- windows_hyper-vA denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0179
BID
CONFIRM
microsoft -- windows_hyper-vA denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0178
BID
CONFIRM
microsoft -- windows_hyper-v_network_switchA denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0183
BID
CONFIRM
microsoft -- windows_hyper-v_network_switchAn information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0169.2017-04-12not yet calculatedCVE-2017-0168
BID
CONFIRM
microsoft -- windows_hyper-v_network_switchA remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181.2017-04-12not yet calculatedCVE-2017-0163
BID
CONFIRM
microsoft -- windows_hyper-v_network_switchA remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0163, CVE-2017-0180, and CVE-2017-0181.2017-04-12not yet calculatedCVE-2017-0162
BID
CONFIRM
microsoft -- windows_hyper-v_network_switch
 
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0182
BID
CONFIRM
microsoft -- windows_hyper-v_network_switch
 
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185.2017-04-12not yet calculatedCVE-2017-0186
BID
CONFIRM
microsoft -- windows_hyper-v_network_switch
 
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0185
BID
CONFIRM
microsoft -- windows_hyper-v_network_switch
 
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0181.2017-04-12not yet calculatedCVE-2017-0180
BID
CONFIRM
microsoft -- windows_hyper-v_network_switch
 
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180.2017-04-12not yet calculatedCVE-2017-0181
BID
CONFIRM
mod_cluster -- mod_clusterStack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.2017-04-12not yet calculatedCVE-2016-4459
REDHAT
REDHAT
REDHAT
REDHAT
BID
REDHAT
REDHAT
CONFIRM
mongodb -- mongodmongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.2017-04-14not yet calculatedCVE-2016-3104
BID
CONFIRM
CONFIRM
moxa -- awk-3131a_wireless_access_pointAn exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response.2017-04-13not yet calculatedCVE-2016-8720
MISC
moxa -- awk-3131a_wireless_access_pointAn exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.2017-04-13not yet calculatedCVE-2016-8725
MISC
moxa -- awk-3131a_wireless_access_pointAn exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server.2017-04-13not yet calculatedCVE-2016-8726
MISC
moxa -- awk-3131a_wireless_access_pointAn exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability.2017-04-13not yet calculatedCVE-2016-8723
MISC
moxa -- awk-3131a_wireless_access_pointAn exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information.2017-04-13not yet calculatedCVE-2016-8724
MISC
moxa -- awk-3131a_wireless_access_pointAn exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker.2017-04-13not yet calculatedCVE-2016-8727
MISC
moxa -- awk-3131a_wireless_access_pointAn exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.2017-04-13not yet calculatedCVE-2016-8722
MISC
moxa -- awk-3131a_wireless_access_pointAn exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request.2017-04-12not yet calculatedCVE-2016-8718
MISC
moxa -- awk-3131a_wireless_access_pointAn exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim.2017-04-12not yet calculatedCVE-2016-8719
MISC
moxa -- awk-3131a_wireless_access_pointAn exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials.2017-04-12not yet calculatedCVE-2016-8716
MISC
moxa -- awk-3131a_wireless_access_pointAn exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.2017-04-13not yet calculatedCVE-2016-8712
MISC
moxa -- mx-aopc_server
 
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.2017-04-14not yet calculatedCVE-2017-7457
MISC
FULLDISC
moxa -- mxview
 
Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.2017-04-14not yet calculatedCVE-2017-7455
MISC
MISC
FULLDISC
moxa -- mxview
 
Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.2017-04-14not yet calculatedCVE-2017-7456
MISC
FULLDISC
mozilla_project -- bugzilla
 
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.2017-04-12not yet calculatedCVE-2016-2803
MISC
BUGTRAQ
SECTRACK
CONFIRM
netapp -- oncommand
 
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.2017-04-10not yet calculatedCVE-2017-7345
BID
CONFIRM
nettle -- nettleThe RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.2017-04-14not yet calculatedCVE-2016-6489
REDHAT
MLIST
UBUNTU
CONFIRM
MISC
CONFIRM
netty -- nettyhandler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).2017-04-13not yet calculatedCVE-2016-4970
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
novastor -- novabackup_datacenterThe datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.2017-04-13not yet calculatedCVE-2016-4898
CONFIRM
novastor -- novabackup_datacenterThe datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.2017-04-13not yet calculatedCVE-2016-4899
CONFIRM
oliver -- oliver
 
Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page (index.php) or (2) login form (loginform-inc.php).2017-04-13not yet calculatedCVE-2014-2710
MISC
FULLDISC
BUGTRAQ
openssh -- openssh
 
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.2017-04-11not yet calculatedCVE-2016-1908
MLIST
CONFIRM
BID
CONFIRM
CONFIRM
openstack -- nova-lxd
 
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.2017-04-12not yet calculatedCVE-2017-5936
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
osip -- osipIn libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.2017-04-13not yet calculatedCVE-2016-10326
CONFIRM
osip -- osipIn libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.2017-04-13not yet calculatedCVE-2016-10324
BID
CONFIRM
osip -- osipIn libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.2017-04-13not yet calculatedCVE-2016-10325
CONFIRM
osip -- osip
 
In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.2017-04-13not yet calculatedCVE-2017-7853
CONFIRM
palo_alto_networks -- pan-os
 
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.2017-04-14not yet calculatedCVE-2017-7217
CONFIRM
palo_alto_networks -- pan-os
 
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.2017-04-14not yet calculatedCVE-2017-7218
CONFIRM
palo_alto_networks -- traps_esm_console
 
Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license.2017-04-14not yet calculatedCVE-2017-7408
BID
CONFIRM
CONFIRM
ping_identity --openid-connect
 
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.2017-04-12not yet calculatedCVE-2017-6059
MLIST
BID
CONFIRM
MISC
CONFIRM
pivotal -- cloud_foundrySQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2017-04-11not yet calculatedCVE-2016-4468
MLIST
CONFIRM
proxifier -- proxifier
 
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.2017-04-14not yet calculatedCVE-2017-7643
FULLDISC
MISC
proxifier -- proxifier
 
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.2017-04-14not yet calculatedCVE-2017-7690
MISC
pulp -- pulpPulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.2017-04-13not yet calculatedCVE-2016-3106
MLIST
MLIST
CONFIRM
CONFIRM
qemu_project -- qemu
 
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.2017-04-11not yet calculatedCVE-2015-8504
CONFIRM
MLIST
BID
CONFIRM
qemu_project -- qemu
 
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).2017-04-13not yet calculatedCVE-2015-8567
FEDORA
FEDORA
FEDORA
FEDORA
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
DEBIAN
MLIST
BID
UBUNTU
MLIST
GENTOO
qemu_project -- qemu
 
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.2017-04-13not yet calculatedCVE-2015-8345
MLIST
BID
MLIST
qemu_project -- qemu
 
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).2017-04-13not yet calculatedCVE-2015-8619
MLIST
BID
MLIST
qemu_project -- qemu
 
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.2017-04-11not yet calculatedCVE-2015-8613
MLIST
BID
CONFIRM
MLIST
qemu_project -- qemu
 
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.2017-04-11not yet calculatedCVE-2015-8666
CONFIRM
MLIST
BID
CONFIRM
qemu_project -- qemu
 
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.2017-04-10not yet calculatedCVE-2017-7377
CONFIRM
MLIST
BID
CONFIRM
MLIST
qemu_project -- qemu
 
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.2017-04-11not yet calculatedCVE-2015-8568
MLIST
BID
CONFIRM
MLIST
quest -- priviledge_manager
 
pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.2017-04-14not yet calculatedCVE-2017-6554
MISC
EXPLOIT-DB
radare -- radare2
 
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.2017-04-13not yet calculatedCVE-2017-7854
CONFIRM
CONFIRM
radare -- radare2
 
The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.2017-04-12not yet calculatedCVE-2017-7716
CONFIRM
red_hat -- quickstart_cloud_installerThe web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.2017-04-14not yet calculatedCVE-2016-7060
REDHAT
CONFIRM
red_hat -- red_hat_satellite_5Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.2017-04-13not yet calculatedCVE-2016-2104
REDHAT
CONFIRM
CONFIRM
resteasy -- resteasyJacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.2017-04-12not yet calculatedCVE-2016-6348
CONFIRM
roundcube -- webmailCross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.2017-04-13not yet calculatedCVE-2016-4068
SUSE
SUSE
SUSE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
roundcube -- webmail
 
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.2017-04-13not yet calculatedCVE-2015-8864
SUSE
SUSE
SUSE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rtmpdump -- rtmpdump
 
The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).2017-04-13not yet calculatedCVE-2015-8270
BID
MISC
rtmpdump -- rtmpdump
 
The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.2017-04-13not yet calculatedCVE-2015-8271
BID
MISC
rtmpdump -- rtmpdump
 
RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).2017-04-13not yet calculatedCVE-2015-8272
BID
MISC
saltstack -- saltstack
 
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.2017-04-13not yet calculatedCVE-2015-1839
FEDORA
CONFIRM
CONFIRM
CONFIRM
CONFIRM
saltstack -- saltstack
 
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.2017-04-13not yet calculatedCVE-2015-1838
FEDORA
CONFIRM
CONFIRM
CONFIRM
samsung -- galaxySamsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.2017-04-13not yet calculatedCVE-2016-4032
MISC
samsung -- galaxySamsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.2017-04-13not yet calculatedCVE-2016-4030
MISC
samsung -- galaxySamsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301.2017-04-13not yet calculatedCVE-2016-4031
MISC
samsung -- galaxy_s6Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081.2017-04-13not yet calculatedCVE-2016-2565
MISC
samsung -- galaxy_s6Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.2017-04-13not yet calculatedCVE-2016-2566
MISC
samsung -- galaxy_s6
 
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.2017-04-11not yet calculatedCVE-2015-7893
MISC
BID
CONFIRM
MISC
EXPLOIT-DB
samsung -- samsungSamsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.2017-04-13not yet calculatedCVE-2015-8780
MISC
samsung -- samsung_kernelsecfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL.2017-04-13not yet calculatedCVE-2016-2567
MISC
samsung -- samsung_kernelThe getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.2017-04-13not yet calculatedCVE-2016-2036
MISC
sap -- business_intelligence_platformSQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633.2017-04-13not yet calculatedCVE-2016-6818
MISC
sap -- business_warehouse_accelerator
 
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.2017-04-11not yet calculatedCVE-2017-7691
BID
CONFIRM
sap -- hanaSAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806.2017-04-13not yet calculatedCVE-2016-6143
BID
MISC
MISC
sap -- netweaver_as_java
 
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.2017-04-14not yet calculatedCVE-2017-7717
MISC
sap -- netweaver
 
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.2017-04-10not yet calculatedCVE-2016-10311
MISC
sap -- sap_as_java
 
SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.2017-04-14not yet calculatedCVE-2017-7696
MISC
schneider_electric -- homelynk_controller
 
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.2017-04-11not yet calculatedCVE-2017-7689
CONFIRM
BID
MISC
scm_plug-in -- scm_plug-inThe scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.2017-04-14not yet calculatedCVE-2016-6299
MLIST
BID
CONFIRM
FEDORA
FEDORA
FEDORA
seawell_networks -- spectrum
 
Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.2017-04-13not yet calculatedCVE-2015-8283
MISC
FULLDISC
EXPLOIT-DB
seawell_networks -- spectrum
 
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.2017-04-13not yet calculatedCVE-2015-8284
MISC
FULLDISC
EXPLOIT-DB
seawell_networks -- spectrum
 
SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.2017-04-13not yet calculatedCVE-2015-8282
MISC
FULLDISC
EXPLOIT-DB
setroubleshoot -- setroubleshootThe fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.2017-04-11not yet calculatedCVE-2016-4445
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
REDHAT
setroubleshoot -- setroubleshootThe allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.2017-04-11not yet calculatedCVE-2016-4444
MLIST
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
REDHAT
setroubleshoot -- setroubleshootThe allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.2017-04-11not yet calculatedCVE-2016-4446
MLIST
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
REDHAT
setroubleshoot -- setroubleshootsetroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.2017-04-11not yet calculatedCVE-2016-4989
MLIST
SECTRACK
REDHAT
CONFIRM
CONFIRM
CONFIRM
REDHAT
setucocms -- setucocmsSetucoCMS allows remote attackers to alter or disclose information, related to session information.2017-04-12not yet calculatedCVE-2016-4896
JVN
JVNDB
BID
setucocms -- setucocmsSetucoCMS allows remote attackers to cause a denial of service.2017-04-12not yet calculatedCVE-2016-4894
JVN
JVNDB
BID
setucocms -- setucocmsSetucoCMS allows remote authenticated users to execute arbitrary code.2017-04-12not yet calculatedCVE-2016-4895
JVN
JVNDB
BID
setucocms -- setucocmsCross-site request forgery (CSRF) vulnerability in SetucoCMS.2017-04-12not yet calculatedCVE-2016-4891
JVN
JVNDB
BID
setucocms -- setucocmsSQL injection vulnerability in SetucoCMS.2017-04-12not yet calculatedCVE-2016-4893
JVN
JVNDB
BID
setucocms -- setucocmsCross-site scripting (XSS) vulnerability in SetucoCMS.2017-04-12not yet calculatedCVE-2016-4892
JVN
JVNDB
BID
skia -- skia
 
SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash).2017-04-13not yet calculatedCVE-2013-6648
CONFIRM
CONFIRM
solarwinds -- log_and_event_managerSolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.2017-04-10not yet calculatedCVE-2017-7646
CONFIRM
solarwinds -- log_and_event_managerSolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.2017-04-10not yet calculatedCVE-2017-7647
CONFIRM
solarwinds -- log_and_event_managerIn SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.2017-04-12not yet calculatedCVE-2017-7722
MISC
MISC
sony -- camerasSONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device.2017-04-13not yet calculatedCVE-2016-7834
JVN
CONFIRM
splunk -- enterprise
 
Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.2017-04-10not yet calculatedCVE-2017-5607
MISC
FULLDISC
BUGTRAQ
BID
BID
SECTRACK
EXPLOIT-DB
CONFIRM
squashfs -- unsquash
 
(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.2017-04-13not yet calculatedCVE-2015-4646
MLIST
BID
sudo -- sudosudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.2017-04-14not yet calculatedCVE-2016-7032
BID
CONFIRM
CONFIRM
symantec -- multiple_products
 
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.2017-04-14not yet calculatedCVE-2016-5309
BID
SECTRACK
SECTRACK
SECTRACK
SECTRACK
MISC
EXPLOIT-DB
CONFIRM
symantec -- multiple_products
 
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.2017-04-14not yet calculatedCVE-2016-5310
BID
SECTRACK
SECTRACK
SECTRACK
SECTRACK
MISC
EXPLOIT-DB
CONFIRM
symantec -- symantec_messaging_gatewayDirectory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.2017-04-14not yet calculatedCVE-2016-5312
MISC
FULLDISC
BID
SECTRACK
CONFIRM
EXPLOIT-DB
symantec -- symantec_web_gatewaySymantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.2017-04-12not yet calculatedCVE-2016-5313
MISC
FULLDISC
BID
SECTRACK
CONFIRM
symphony -- symphony_cms
 
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.2017-04-11not yet calculatedCVE-2017-7694
MISC
BID
MISC
MISC
synology -- photo_stationSynology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.2017-04-10not yet calculatedCVE-2016-10322
MISC
MISC
synology -- photo_stationSynology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.2017-04-10not yet calculatedCVE-2016-10323
MISC
MISC
teampass -- teampassMultiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.2017-04-12not yet calculatedCVE-2015-7564
CONFIRM
EXPLOIT-DB
teampass -- teampassCross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.2017-04-12not yet calculatedCVE-2015-7563
MISC
EXPLOIT-DB
teampass -- teampassMultiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.2017-04-12not yet calculatedCVE-2015-7562
CONFIRM
EXPLOIT-DB
trend_micro -- threat_discovery_applianceA command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.2017-04-12not yet calculatedCVE-2016-7547
BID
MISC
trend_micro -- threat_discovery_applianceOn the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.2017-04-12not yet calculatedCVE-2016-7552
BID
MISC
trollpierre/tdm -- trollpierre/tdm
 
trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).2017-04-14not yet calculatedCVE-2017-7871
CONFIRM
CONFIRM
ubuntu -- ubuntu
 
The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.2017-04-14not yet calculatedCVE-2016-0727
MISC
BID
SECTRACK
UBUNTU
CONFIRM
CONFIRM
umbraco -- umbraco
 
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.2017-04-13not yet calculatedCVE-2012-1301
BUGTRAQ
BID
MISC
unisys -- s-par
 
Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.2017-04-11not yet calculatedCVE-2017-5873
CONFIRM
unitrends -- enterprise_backup
 
An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.2017-04-12not yet calculatedCVE-2017-7279
MISC
unitrends -- enterprise_backup
 
An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.2017-04-12not yet calculatedCVE-2017-7281
MISC
unitrends -- enterprise_backup
 
An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.2017-04-12not yet calculatedCVE-2017-7284
MISC
unitrends -- enterprise_backup
 
An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable.2017-04-12not yet calculatedCVE-2017-7280
MISC
vtiger -- vtiger_crm
 
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.2017-04-14not yet calculatedCVE-2016-1713
MISC
MLIST
MLIST
webmin -- userminMultiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.2017-04-12not yet calculatedCVE-2016-4897
JVN
JVNDB
BID
wireshark -- wiresharkIn Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector.2017-04-12not yet calculatedCVE-2016-7958
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkIn Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings.2017-04-12not yet calculatedCVE-2016-7957
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.2017-04-12not yet calculatedCVE-2017-7702
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.2017-04-12not yet calculatedCVE-2017-7705
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.2017-04-12not yet calculatedCVE-2017-7701
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.2017-04-12not yet calculatedCVE-2017-7700
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.2017-04-12not yet calculatedCVE-2017-7703
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.2017-04-12not yet calculatedCVE-2017-7745
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.2017-04-12not yet calculatedCVE-2017-7704
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.2017-04-12not yet calculatedCVE-2017-7747
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.2017-04-12not yet calculatedCVE-2017-7748
BID
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.2017-04-12not yet calculatedCVE-2017-7746
BID
CONFIRM
CONFIRM
CONFIRM
wolf_cms -- wolf_cms
 
Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.2017-04-14not yet calculatedCVE-2015-6568
MISC
MISC
MISC
CONFIRM
CONFIRM
wolf_cms -- wolf_cms
 
Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality.2017-04-14not yet calculatedCVE-2015-6567
MISC
MISC
MISC
CONFIRM
CONFIRM
wordpress -- wordpress
 
SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.2017-04-12not yet calculatedCVE-2017-7719
MISC
zoho -- manageengine_servicedesk_plusCross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-14not yet calculatedCVE-2016-4888
JVN
JVNDB
BID
zoho -- manageengine_servicedesk_plusZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.2017-04-14not yet calculatedCVE-2016-4889
JVN
JVNDB
BID
zoho -- manageengine_servicedesk_plusZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generationg cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.2017-04-14not yet calculatedCVE-2016-4890
JVN
JVNDB
BID
zurmo -- zurmo
 
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.2017-04-14not yet calculatedCVE-2017-7188
MISC
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top