Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-06 | CVE-2017-7192 | Improper Certificate Validation vulnerability in Starscream Project Starscream WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). | 7.5 |
| 2017-04-06 | CVE-2017-6968 | Unspecified vulnerability in GMV Checker ATM Security GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03. | 8.8 |
| 2017-04-06 | CVE-2017-6130 | Server-Side Request Forgery (SSRF) vulnerability in F5 SSL Intercept Iapp and SSL Orchestrator F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic. | 7.4 |
| 2017-04-06 | CVE-2017-5887 | Improper Certificate Validation vulnerability in Starscream Project Starscream WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function). | 7.5 |
| 2017-04-06 | CVE-2017-0305 | Unspecified vulnerability in F5 SSL Intercept Iapp 1.5.0/1.5.7 F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic. | 9.8 |
| 2017-04-06 | CVE-2017-7454 | Out-of-bounds Read vulnerability in Entropymine Imageworsener 1.3.0 The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | 5.5 |
| 2017-04-06 | CVE-2017-7453 | NULL Pointer Dereference vulnerability in Entropymine Imageworsener 1.3.0 The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | 5.5 |
| 2017-04-06 | CVE-2017-7452 | NULL Pointer Dereference vulnerability in Entropymine Imageworsener 1.3.0 The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | 5.5 |
| 2017-04-05 | CVE-2017-7450 | Improper Authentication vulnerability in Airtame Hdmi Dongle Firmware 2.1.1 AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. | 9.8 |
| 2017-04-05 | CVE-2017-7448 | Divide By Zero vulnerability in Dropbox Lepton 1.2.1 The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image. | 5.5 |