Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-09 | CVE-2017-7592 | Improper Input Validation vulnerability in Libtiff 4.0.7 The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | 7.8 |
| 2017-04-09 | CVE-2017-7591 | Cross-site Scripting vulnerability in Openidm Project Openidm 4.0.0/4.5.0 OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. | 6.1 |
| 2017-04-09 | CVE-2017-7590 | Cross-site Scripting vulnerability in Openidm Project Openidm 4.0.0/4.5.0 OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. | 6.1 |
| 2017-04-09 | CVE-2017-7589 | Information Exposure vulnerability in Openidm Project Openidm 4.0.0/4.5.0 In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. | 6.5 |
| 2017-04-07 | CVE-2017-6033 | Uncontrolled Search Path Element vulnerability in Schneider-Electric Interactive Graphical Scada System 10.0/12.0/9.0 A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. | 7.8 |
| 2017-04-07 | CVE-2017-6019 | Resource Exhaustion vulnerability in Schneider-Electric Conext Combox 865-1058 Firmware 3.03 An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. | 7.5 |
| 2017-04-07 | CVE-2017-0586 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-04-07 | CVE-2017-0585 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-04-07 | CVE-2017-0584 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-04-07 | CVE-2017-0583 | Unspecified vulnerability in Linux Kernel 3.10/3.18 An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |