Vulnerabilities

Each entry gives: DATE | CVE | VULNERABILITY TITLE, followed by the description and the RISK line (attack vector, attack complexity, vendor, CWE, severity rating where given, score).

2017-04-17 | CVE-2017-7885 | Integer Overflow or Wraparound vulnerability in Artifex Jbig2Dec 0.13
  Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.
  Risk: local, low complexity, artifex, CWE-190, score 7.1

2017-04-16 | CVE-2017-7615 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mantisbt
  MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
  Risk: network, low complexity, mantisbt, CWE-640, score 8.8

2017-04-15 | CVE-2017-7882 | Out-of-bounds Write vulnerability in Libreoffice
  LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.
  Risk: network, low complexity, libreoffice, CWE-787, critical, score 9.8

2017-04-15 | CVE-2017-7881 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS
  BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header.
  Risk: network, low complexity, bigtreecms, CWE-352, score 8.8

2017-04-14 | CVE-2017-7879 | SQL Injection vulnerability in Flatcore Flatcore-Cms 1.4.6
  SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.
  Risk: network, low complexity, flatcore, CWE-89, score 7.5

2017-04-14 | CVE-2017-7878 | SQL Injection vulnerability in Flatcore Flatcore-Cms 1.4.6
  SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.
  Risk: network, low complexity, flatcore, CWE-89, critical, score 9.8

2017-04-14 | CVE-2017-7877 | Cross-Site Request Forgery (CSRF) vulnerability in Flatcore Flatcore-Cms 1.4.6
  CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.
  Risk: network, low complexity, flatcore, CWE-352, score 8.8

2017-04-14 | CVE-2017-7875 | Out-of-bounds Write vulnerability in FEH Project FEH
  In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message.
  Risk: network, low complexity, feh-project, CWE-787, critical, score 9.8

2017-04-14 | CVE-2017-7871 | Cross-site Scripting vulnerability in TDM Project TDM 20170412
  trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).
  Risk: network, low complexity, tdm-project, CWE-79, score 6.1

2017-04-14 | CVE-2017-7717 | SQL Injection vulnerability in SAP Netweaver Application Server Java 7.40
  SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.
  Risk: network, low complexity, sap, CWE-89, score 8.8