Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-04-10 | CVE-2017-7648 | Use of Hard-coded Credentials vulnerability in Foscam products | Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | network | high | foscam | CWE-798 | 8.1 |
| 2017-04-10 | CVE-2017-7647 | Unspecified vulnerability in SolarWinds Log & Event Manager 6.3.1 | SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. | network | low | solarwinds | | 8.8 |
| 2017-04-10 | CVE-2017-7646 | Information Exposure vulnerability in SolarWinds Log & Event Manager 6.3.1 | SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | network | low | solarwinds | CWE-200 | 6.5 |
| 2017-04-10 | CVE-2016-8237 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Updates | Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | network | high | lenovo | CWE-264 | 8.1 |
| 2017-04-10 | CVE-2016-8235 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Customer Care Software Development Kit 2.0.16 | Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | local | low | lenovo | CWE-264 | 7.8 |
| 2017-04-10 | CVE-2016-10323 | Permissions, Privileges, and Access Controls vulnerability in Synology Photo Station | Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. | local | low | synology | CWE-264 | 7.8 |
| 2017-04-10 | CVE-2016-10322 | Command Injection vulnerability in Synology Photo Station | Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. | network | low | synology | CWE-77 | 8.8 |
| 2017-04-10 | CVE-2017-7625 | Code Injection vulnerability in Fiyo CMS | In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | network | low | fiyo | CWE-94 | 9.8 (critical) |
| 2017-04-10 | CVE-2017-7624 | Missing Release of Resource after Effective Lifetime vulnerability in Entropymine ImageWorsener 1.3.0 | The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. | local | low | entropymine | CWE-772 | 5.5 |
| 2017-04-10 | CVE-2017-7623 | Out-of-bounds Read vulnerability in Entropymine ImageWorsener 1.3.0 | The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | local | low | entropymine | CWE-125 | 5.5 |