Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-29 | CVE-2016-9924 | XXE vulnerability in Synacor Zimbra Collaboration Suite: Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. | 9.8 |
2017-03-29 | CVE-2016-6846 | Cross-site Scripting vulnerability in Open-Xchange products: Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML. | 6.1 |
2017-03-29 | CVE-2015-8234 | Cryptographic Issues vulnerability in Openstack Glance 11.0.0: The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. | 5.5 |
2017-03-29 | CVE-2015-4556 | Improper Input Validation vulnerability in Call-Cc Chicken 4.8.0/4.9.0: The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash). | 7.5 |
2017-03-29 | CVE-2009-5147 | Improper Input Validation vulnerability in Ruby-Lang Ruby: DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. | 7.3 |
2017-03-29 | CVE-2017-7298 | Cross-site Scripting vulnerability in Moodle 3.2.2: In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. | 5.4 |
2017-03-29 | CVE-2017-7294 | Integer Overflow or Wraparound vulnerability in Linux Kernel: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device. | 7.8 |
2017-03-29 | CVE-2017-6864 | Cross-site Scripting vulnerability in Siemens Ruggedcom ROX I 2.9.0: The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. | 5.4 |
2017-03-29 | CVE-2017-2689 | Improper Authentication vulnerability in Siemens Ruggedcom ROX I 2.9.0: Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings. | 8.8 |
2017-03-29 | CVE-2017-2688 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens Ruggedcom ROX I 2.9.0: The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF. | 8.8 |