Vulnerabilities

| Date | CVE | Vulnerability title | Description | Access | Complexity | Vendor(s) | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2017-03-13 | CVE-2015-4407 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hikvision Ds-76Xxx Series Firmware and Ds-77Xxx Series Firmware | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue. | network | low | hikvision | CWE-119 | 6.5 |
| 2017-03-12 | CVE-2014-9645 | Improper Input Validation vulnerability in Busybox | The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command. | local | low | busybox | CWE-20 | 5.5 |
| 2017-03-12 | CVE-2017-6823 | Authentication Bypass by Capture-replay vulnerability in Fiyo CMS 2.0.6.1 | Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | network | low | fiyo | CWE-294 | 8.8 |
| 2017-03-12 | CVE-2017-6820 | Cross-site Scripting vulnerability in Roundcube Webmail | rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element. | network | low | roundcube | CWE-79 | 6.1 |
| 2017-03-12 | CVE-2017-6444 | Resource Exhaustion vulnerability in Mikrotik Routeros 6.25 | The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. | network | low | mikrotik | CWE-400 | 7.5 |
| 2017-03-12 | CVE-2017-5626 | Unspecified vulnerability in Oneplus Oxygenos 3.2.8/3.5.4 | OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. | network | low | oneplus | (none listed) | 9.8 (critical) |
| 2017-03-12 | CVE-2017-5624 | Improper Privilege Management vulnerability in Oneplus Oxygenos 3.2.8/3.5.4/4.0.2 | An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. | network | low | oneplus | CWE-269 | 9.8 (critical) |
| 2017-03-12 | CVE-2017-6819 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress | In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. | network | low | wordpress | CWE-352 | 6.5 |
| 2017-03-12 | CVE-2017-6818 | Cross-site Scripting vulnerability in Wordpress | In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names. | network | low | wordpress | CWE-79 | 6.1 |
| 2017-03-12 | CVE-2017-6817 | Cross-site Scripting vulnerability in multiple products | In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | network | low | wordpress, debian | CWE-79 | 5.4 |