Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-26 | CVE-2017-3161 | Cross-site Scripting vulnerability in Apache Hadoop: The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter. | 6.1 |
2017-04-26 | CVE-2017-1170 | Unspecified vulnerability in IBM Websphere Commerce: IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. | 5.3 |
2017-04-26 | CVE-2016-8962 | Credentials Management vulnerability in IBM Bigfix Inventory 9.0/9.2: IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.9 |
2017-04-26 | CVE-2016-8924 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.1/7.5/7.6: IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. | 5.6 |
2017-04-26 | CVE-2017-8284 | Code Injection vulnerability in Qemu: The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. | 7.0 |
2017-04-26 | CVE-2017-7720 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Privatetunnel 2.7/2.8: Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password. | 7.8 |
2017-04-26 | CVE-2017-6054 | Use of Hard-coded Credentials vulnerability in Hyundaiusa Blue Link 3.9.4/3.9.5: A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. | 7.5 |
2017-04-26 | CVE-2017-6052 | Unspecified vulnerability in Hyundaiusa Blue Link 3.9.4/3.9.5: A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. | 3.7 |
2017-04-26 | CVE-2017-8283 | Path Traversal vulnerability in Debian Dpkg: dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. | 9.8 |
2017-04-26 | CVE-2017-7293 | Deserialization of Untrusted Data vulnerability in Dolby Audio X2 and Dolby Audio X3: The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. | 7.8 |