Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-15 | CVE-2017-7489 | Improper Privilege Management vulnerability in Moodle In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. | 6.3 |
| 2017-05-15 | CVE-2017-5655 | Information Exposure vulnerability in Apache Ambari In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. | 6.5 |
| 2017-05-15 | CVE-2016-8741 | Information Exposure vulnerability in Apache Qpid Broker-J The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. | 7.5 |
| 2017-05-15 | CVE-2017-7213 | Improper Input Validation vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. | 10.0 |
| 2017-05-14 | CVE-2017-8930 | Cross-Site Request Forgery (CSRF) vulnerability in Simpleinvoices Simple Invoices 2013.1 Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules. | 8.8 |
| 2017-05-14 | CVE-2017-8929 | Use After Free vulnerability in Virustotal Yara 3.5.0 The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule. | 7.5 |
| 2017-05-14 | CVE-2017-8928 | Cross-Site Request Forgery (CSRF) vulnerability in Mailcow Mailcow: Dockerized 0.14 mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. | 8.8 |
| 2017-05-14 | CVE-2017-7487 | Use After Free vulnerability in multiple products The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface. | 7.8 |
| 2017-05-12 | CVE-2017-8925 | Improper Resource Shutdown or Release vulnerability in multiple products The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. | 5.5 |
| 2017-05-12 | CVE-2017-8924 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. | 4.6 |