Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-14 | CVE-2017-7875 | Out-of-bounds Write vulnerability in FEH Project FEH In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. | 9.8 |
| 2017-04-14 | CVE-2017-7871 | Cross-site Scripting vulnerability in TDM Project TDM 20170412 trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter). | 6.1 |
| 2017-04-14 | CVE-2017-7717 | SQL Injection vulnerability in SAP Netweaver Application Server Java 7.40 SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. | 8.8 |
| 2017-04-14 | CVE-2017-7696 | Allocation of Resources Without Limits or Throttling vulnerability in SAP SSO Authentication Library 2.0/3.0 SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042. | 7.5 |
| 2017-04-14 | CVE-2017-7690 | OS Command Injection vulnerability in Proxifier Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program. | 7.8 |
| 2017-04-14 | CVE-2017-7357 | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Hipchat Server 2.2.0/2.2.1/2.2.2 Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | 9.1 |
| 2017-04-14 | CVE-2017-7188 | Cross-site Scripting vulnerability in Zurmo CRM Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. | 5.4 |
| 2017-04-14 | CVE-2017-6554 | Improper Input Validation vulnerability in Quest Privilege Manager 6.0.027/6.0.050 pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action. | 7.2 |
| 2017-04-14 | CVE-2016-8602 | Incorrect Type Conversion or Cast vulnerability in Artifex Ghostscript The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. | 7.8 |
| 2017-04-14 | CVE-2016-7060 | Information Exposure vulnerability in Redhat Quickstart Cloud Installer 1.0 The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display. | 4.6 |