Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-06 | CVE-2017-8920 | Cross-site Scripting vulnerability in Cgiirc Cgi:Irc irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS. | 6.1 |
| 2017-06-06 | CVE-2017-5243 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Rapid7 Nexpose The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. | 8.5 |
| 2017-06-06 | CVE-2017-9449 | SQL Injection vulnerability in Bigtreecms Bigtree CMS SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. | 8.8 |
| 2017-06-06 | CVE-2017-9448 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. | 5.4 |
| 2017-06-06 | CVE-2017-9332 | Cross-site Scripting vulnerability in Pivotx 2.3.11 The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | 6.1 |
| 2017-06-06 | CVE-2017-8083 | Missing Authorization vulnerability in Compulab Intense PC Firmware and Mintbox 2 Firmware CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges. | 6.7 |
| 2017-06-06 | CVE-2017-7515 | Uncontrolled Recursion vulnerability in Freedesktop Poppler poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. | 5.5 |
| 2017-06-06 | CVE-2017-5664 | Improper Handling of Exceptional Conditions vulnerability in Apache Tomcat The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. | 7.5 |
| 2017-06-06 | CVE-2016-10297 | Race Condition vulnerability in Google Android In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. | 7.0 |
| 2017-06-06 | CVE-2015-9007 | Double Free vulnerability in Google Android In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist. | 7.8 |