Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-27 | CVE-2017-5239 | Inadequate Encryption Strength vulnerability in Eviewgps Ev-07S GPS Tracker Firmware Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener. | 7.5 |
| 2017-03-27 | CVE-2017-5238 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Eviewgps Ev-07S GPS Tracker Firmware Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field. | 5.3 |
| 2017-03-27 | CVE-2017-5237 | Improper Authentication vulnerability in Eviewgps Ev-07S GPS Tracker Firmware Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!" | 7.5 |
| 2017-03-27 | CVE-2017-7275 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 7.0.49 The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. | 5.5 |
| 2017-03-27 | CVE-2016-9252 | Data Processing Errors vulnerability in F5 products The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. | 7.5 |
| 2017-03-27 | CVE-2017-7274 | NULL Pointer Dereference vulnerability in Radare Radare2 1.3.0 The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file. | 5.5 |
| 2017-03-27 | CVE-2017-7273 | Unspecified vulnerability in Linux Kernel The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. low complexity linux | 6.6 |
| 2017-03-27 | CVE-2017-7272 | Server-Side Request Forgery (SSRF) vulnerability in PHP PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. | 7.4 |
| 2017-03-27 | CVE-2017-7271 | Cross-site Scripting vulnerability in YII Software YII 2.0.10 Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen. | 6.1 |
| 2017-03-27 | CVE-2017-7191 | Use After Free vulnerability in Irssi The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. | 9.8 |