Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK (CVSS SCORE) |
|---|---|---|---|
| 2017-04-14 | CVE-2017-7696 | Allocation of Resources Without Limits or Throttling vulnerability in SAP SSO Authentication Library 2.0/3.0. SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042. | 7.5 |
| 2017-04-14 | CVE-2017-7690 | OS Command Injection vulnerability in Proxifier. Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program. | 7.8 |
| 2017-04-14 | CVE-2017-7357 | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Hipchat Server 2.2.0/2.2.1/2.2.2. Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | 9.1 |
| 2017-04-14 | CVE-2017-7188 | Cross-site Scripting vulnerability in Zurmo CRM. Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. | 5.4 |
| 2017-04-14 | CVE-2017-6554 | Improper Input Validation vulnerability in Quest Privilege Manager 6.0.027/6.0.050. pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action. | 7.2 |
| 2017-04-14 | CVE-2016-8602 | Incorrect Type Conversion or Cast vulnerability in Artifex Ghostscript. The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PostScript document that calls .sethalftone5 with an empty operand stack. | 7.8 |
| 2017-04-14 | CVE-2016-7060 | Information Exposure vulnerability in Redhat Quickstart Cloud Installer 1.0. The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask password fields, which allows physically proximate attackers to obtain sensitive password information by reading the display. | 4.6 |
| 2017-04-14 | CVE-2016-7051 | Server-Side Request Forgery (SSRF) vulnerability in Fasterxml Jackson-Dataformat-Xml. XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD. | 8.6 |
| 2017-04-14 | CVE-2016-7032 | Improper Access Control vulnerability in Todd Miller Sudo. sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. | 7.0 |
| 2017-04-14 | CVE-2016-6489 | Information Exposure Through Discrepancy vulnerability in multiple products. The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. | 7.5 |