Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-10 | CVE-2016-6287 | Data Processing Errors vulnerability in Call-Cc Http-Client 0.4.2/0.9: The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. | 7.5 |
2017-01-10 | CVE-2016-6286 | Data Processing Errors vulnerability in Call-Cc Http-Client 0.4.2: The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server (also known as a "httpoxy" attack). | 7.5 |
2017-01-10 | CVE-2015-4594 | Session Fixation vulnerability in Eclinicalworks Population Health: eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. | 9.8 |
2017-01-10 | CVE-2015-4593 | Cross-Site Request Forgery (CSRF) vulnerability in Eclinicalworks Population Health: eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users, appointments and employees. | 8.8 |
2017-01-10 | CVE-2015-4592 | SQL Injection vulnerability in Eclinicalworks Population Health: eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input. | 8.8 |
2017-01-10 | CVE-2015-4591 | Cross-site Scripting vulnerability in Eclinicalworks Population Health: eClinicalWorks Population Health (CCMR) suffers from a cross-site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary JavaScript via the strMessage parameter. | 6.1 |
2017-01-10 | CVE-2016-10126 | Permissions, Privileges, and Access Controls vulnerability in Splunk: Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840. | 9.8 |
2017-01-09 | CVE-2016-8106 | Improper Input Validation vulnerability in multiple products: A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. | 5.9 |
2017-01-09 | CVE-2016-10125 | Use of Hard-coded Credentials vulnerability in Dlink Dgs-1100 Firmware 1.01.018: D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | 8.1 |
2017-01-09 | CVE-2017-5217 | Improper Input Validation vulnerability in Samsung Mobile: Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. | 5.5 |