Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-11 | CVE-2017-7462 | Use of Hard-coded Credentials vulnerability in Intellinet-Network Nfc-30Ir Firmware Lm.1.6.16.05: Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory. | 9.8 |
2017-04-11 | CVE-2017-7461 | Path Traversal vulnerability in Intellinet-Network Nfc-30Ir Firmware Lm.1.6.16.05: Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization. | 4.9 |
2017-04-11 | CVE-2017-5873 | Unquoted Search Path or Element vulnerability in Unisys Secure Partitioning 4.3.403/4.4.19: Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | 6.7 |
2017-04-11 | CVE-2017-5672 | Information Exposure vulnerability in Kony Enterprise Mobile Management 1.2/4.2.0: Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request. | 6.5 |
2017-04-11 | CVE-2016-5011 | The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. | 4.6 |
2017-04-11 | CVE-2016-4468 | SQL Injection vulnerability in multiple products: SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 8.8 |
2017-04-11 | CVE-2016-7467 | Improper Input Validation vulnerability in F5 Big-Ip Access Policy Manager: The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector. | 5.3 |
2017-04-11 | CVE-2016-6811 | Permissions, Privileges, and Access Controls vulnerability in Apache Hadoop: In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 8.8 |
2017-04-11 | CVE-2016-10259 | Resource Management Errors vulnerability in Bluecoat products: Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. | 5.9 |
2017-04-11 | CVE-2017-7621 | Cross-site Scripting vulnerability in Auromeera Emli 1.0: Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. | 6.1 |