Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-28 | CVE-2017-2114 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-04-28 | CVE-2017-2113 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iodata products Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 8.8 |
| 2017-04-28 | CVE-2017-2112 | OS Command Injection vulnerability in Iodata products TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 8.8 |
| 2017-04-28 | CVE-2017-2111 | CRLF Injection vulnerability in Iodata products HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. | 6.1 |
| 2017-04-28 | CVE-2017-2110 | Improper Certificate Validation vulnerability in Nissan Securities Access CX The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
| 2017-04-28 | CVE-2017-2109 | Information Exposure vulnerability in Cybozu Kunai 3.0.4/3.0.5/3.0.5.1 Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application. | 2.5 |
| 2017-04-28 | CVE-2017-2108 | Untrusted Search Path vulnerability in Softbank Primedrive Desktop Application 1.4.3 Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-04-28 | CVE-2017-2107 | Untrusted Search Path vulnerability in Akky 7-Zip32.Dll Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-04-28 | CVE-2017-2106 | Cross-site Scripting vulnerability in Webmin Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-04-28 | CVE-2017-2105 | Information Exposure vulnerability in Presentcast INC Tver 3.2.7 The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |