Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-05-03 CVE-2017-6620 Improper Input Validation vulnerability in Cisco Small Business RV Series Router Firmware 1.0.1.19
A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL.
network
low complexity
cisco CWE-20
5.8
2017-05-03 CVE-2017-7229 Inadequate Encryption Strength vulnerability in Vaultive Office 365 Security 4.5.19
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly.
network
low complexity
vaultive CWE-326
critical
9.1
2017-05-03 CVE-2017-5481 Information Exposure vulnerability in Trendmicro Officescan 11.0/12.0
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.
network
low complexity
trendmicro CWE-200
8.8
2017-05-03 CVE-2017-7995 Information Exposure vulnerability in multiple products
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure.
local
low complexity
xen novell suse CWE-200
3.8
2017-05-03 CVE-2016-9976 Improper Access Control vulnerability in IBM products
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files.
local
low complexity
ibm CWE-284
8.4
2017-05-03 CVE-2016-2930 Improper Access Control vulnerability in IBM Bigfix Remote Control 9.1.3
IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication.
network
low complexity
ibm CWE-284
7.5
2017-05-03 CVE-2016-0382 Information Exposure vulnerability in IBM Tealeaf Consumer Experience
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS.
local
low complexity
ibm CWE-200
4.0
2017-05-03 CVE-2017-5240 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rapid7 Appspider PRO
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component.
network
low complexity
rapid7 CWE-119
7.5
2017-05-03 CVE-2017-5236 Untrusted Search Path vulnerability in Rapid7 Appspider PRO
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
local
low complexity
rapid7 CWE-426
7.8
2017-05-03 CVE-2017-8459 Unspecified vulnerability in Brave 0.12.4
Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way.
network
low complexity
brave
6.5