Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-11 | CVE-2017-7694 | Code Injection vulnerability in Getsymphony Symphony Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. | 8.8 |
| 2017-04-11 | CVE-2017-7691 | Code Injection vulnerability in SAP Trex A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). | 9.8 |
| 2017-04-11 | CVE-2017-7689 | Command Injection vulnerability in Schneider-Electric Homelynk Controller Lss100100 Firmware 1.3.0 A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. | 9.8 |
| 2017-04-11 | CVE-2015-8666 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. | 7.9 |
| 2017-04-11 | CVE-2015-8613 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. | 6.5 |
| 2017-04-11 | CVE-2015-8568 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. | 6.5 |
| 2017-04-11 | CVE-2015-8504 | Divide By Zero vulnerability in multiple products Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. | 6.5 |
| 2017-04-11 | CVE-2015-7893 | Improper Input Validation vulnerability in Samsung Galaxy S6 SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. | 8.8 |
| 2017-04-11 | CVE-2014-9837 | Out-of-bounds Read vulnerability in Imagemagick 6.9.01 coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file. | 6.5 |
| 2017-04-11 | CVE-2014-8716 | Out-of-bounds Read vulnerability in Imagemagick The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash). | 6.2 |