Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-12 | CVE-2016-8716 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Moxa Awk-3131A Firmware 1.1 An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. | 7.5 |
| 2017-04-12 | CVE-2017-7742 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libsndfile Project Libsndfile In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. | 5.5 |
| 2017-04-12 | CVE-2017-7741 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libsndfile Project Libsndfile In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. | 5.5 |
| 2017-04-12 | CVE-2017-7722 | Command Injection vulnerability in Solarwinds LOG & Event Manager 6.3.1 In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). | 10.0 |
| 2017-04-12 | CVE-2017-7719 | SQL Injection vulnerability in Web-Dorado Spider Event Calendar SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php. | 9.8 |
| 2017-04-12 | CVE-2017-7716 | Out-of-bounds Read vulnerability in Radare Radare2 1.3.0 The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | 5.5 |
| 2017-04-12 | CVE-2017-3125 | Cross-site Scripting vulnerability in Fortinet Fortimail An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker. | 6.1 |
| 2017-04-12 | CVE-2017-3065 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the font manipulation functionality. | 7.8 |
| 2017-04-12 | CVE-2017-3064 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Flash Player Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. | 7.8 |
| 2017-04-12 | CVE-2017-3063 | Use After Free vulnerability in Adobe Flash Player Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. | 9.8 |