Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-04-11 CVE-2017-7462 Use of Hard-coded Credentials vulnerability in Intellinet-Network Nfc-30Ir Firmware Lm.1.6.16.05
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.
network
low complexity
intellinet-network CWE-798
critical
9.8
2017-04-11 CVE-2017-7461 Path Traversal vulnerability in Intellinet-Network Nfc-30Ir Firmware Lm.1.6.16.05
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read an HTML text file but does not perform any URI/path sanitization.
network
low complexity
intellinet-network CWE-22
4.9
2017-04-11 CVE-2017-5873 Unquoted Search Path or Element vulnerability in Unisys Secure Partitioning 4.3.403/4.4.19
Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.
local
low complexity
unisys CWE-428
6.7
2017-04-11 CVE-2017-5672 Information Exposure vulnerability in Kony Enterprise Mobile Management 1.2/4.2.0
Kony Enterprise Mobile Management (EMM) before 4.2.5.2 discloses the private key in clear text when the parameters of the request are changed.
network
low complexity
kony CWE-200
6.5
2017-04-11 CVE-2016-5011 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
low complexity
kernel redhat ibm
4.6
2017-04-11 CVE-2016-4468 SQL Injection vulnerability in multiple products
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
pivotal-software cloudfoundry CWE-89
8.8
2017-04-11 CVE-2016-7467 Improper Input Validation vulnerability in F5 Big-Ip Access Policy Manager
The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.
network
high complexity
f5 CWE-20
5.3
2017-04-11 CVE-2016-6811 Permissions, Privileges, and Access Controls vulnerability in Apache Hadoop
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
network
low complexity
apache CWE-264
8.8
2017-04-11 CVE-2016-10259 Resource Management Errors vulnerability in Bluecoat products
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections.
network
high complexity
bluecoat CWE-399
5.9
2017-04-11 CVE-2017-7621 Cross-site Scripting vulnerability in Auromeera Emli 1.0
Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt.
network
low complexity
auromeera CWE-79
6.1