Weekly Vulnerabilities Reports > February 20 to 26, 2017
Overview
262 new vulnerabilities were reported during this period, including 27 critical vulnerabilities and 35 high severity vulnerabilities. This weekly summary reports vulnerabilities in 102 products from 45 vendors including Apple, Cisco, Debian, IBM, and Webkitgtk. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Improper Input Validation", "Cross-site Scripting", and "Permissions, Privileges, and Access Controls".
- 203 reported vulnerabilities are remotely exploitable.
- 39 reported vulnerabilities have a public exploit available.
- 38 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 237 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 152 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 19 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
27 Critical Vulnerabilities
35 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-02-26 | CVE-2017-0037 | Microsoft | Type Confusion vulnerability in Microsoft Edge and Internet Explorer Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. | 8.1 |
2017-02-24 | CVE-2017-6306 | Ytnef Project Debian | Path Traversal vulnerability in multiple products An issue was discovered in ytnef before 1.9.1. | 7.8 |
2017-02-24 | CVE-2017-6305 | Ytnef Project Debian | Out-of-bounds Write vulnerability in multiple products An issue was discovered in ytnef before 1.9.1. | 7.8 |
2017-02-24 | CVE-2017-6304 | Ytnef Project Debian | Out-of-bounds Read vulnerability in multiple products An issue was discovered in ytnef before 1.9.1. | 7.8 |
2017-02-24 | CVE-2017-6303 | Ytnef Project Debian | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in ytnef before 1.9.1. | 7.8 |
2017-02-24 | CVE-2017-6302 | Ytnef Project Debian | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in ytnef before 1.9.1. | 7.8 |
2017-02-24 | CVE-2017-6301 | Ytnef Project Debian | Out-of-bounds Read vulnerability in multiple products An issue was discovered in ytnef before 1.9.1. | 7.8 |
2017-02-24 | CVE-2017-6300 | Ytnef Project Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in ytnef before 1.9.1. | 7.8 |
2017-02-24 | CVE-2017-6298 | Ytnef Project Debian | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in ytnef before 1.9.1. | 7.8 |
2017-02-24 | CVE-2017-6196 | Artifex | Use After Free vulnerability in Artifex Afpl Ghostscript Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document. | 7.8 |
2017-02-22 | CVE-2016-8636 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology. | 7.8 |
2017-02-21 | CVE-2016-10227 | Zyxel | Resource Management Errors vulnerability in Zyxel Nwa3560-N Firmware and Usg50 Firmware Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. | 7.8 |
2017-02-24 | CVE-2017-2790 | Justsystems | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Justsystems Ichitaro When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. | 7.5 |
2017-02-24 | CVE-2017-2789 | Justsystems | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Justsystems Ichitaro When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. | 7.5 |
2017-02-24 | CVE-2016-4041 | Plone | Permissions, Privileges, and Access Controls vulnerability in Plone Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. | 7.5 |
2017-02-23 | CVE-2016-10109 | Muscle Canonical | Use After Free vulnerability in multiple products Use-after-free vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. | 7.5 |
2017-02-23 | CVE-2016-8974 | IBM | XXE vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 7.5 |
2017-02-23 | CVE-2017-6205 | Dlink | Security Bypass vulnerability in Multiple D-Link Products D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors. | 7.5 |
2017-02-22 | CVE-2017-6187 | Disksavvy | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Disksavvy Enterprise 9.4.18 Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request. | 7.5 |
2017-02-22 | CVE-2016-1245 | Quagga Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. | 7.5 |
2017-02-22 | CVE-2017-5586 | Opentext | Improper Input Validation vulnerability in Opentext Documentum D2 OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries. | 7.5 |
2017-02-22 | CVE-2016-9956 | Debian Fedoraproject Flightgear | Improper Access Control vulnerability in multiple products The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. | 7.5 |
2017-02-21 | CVE-2016-9049 | Aerospike | NULL Pointer Dereference vulnerability in Aerospike Database Server 3.10.0.3 An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. | 7.5 |
2017-02-21 | CVE-2017-6095 | Mail Masta Project | SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0 A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. | 7.5 |
2017-02-21 | CVE-2017-6070 | Cmsmadesimple | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form. | 7.5 |
2017-02-21 | CVE-2017-5959 | Metalgenix | Cross-Site Request Forgery (CSRF) vulnerability in Metalgenix Genixcms CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. | 7.5 |
2017-02-20 | CVE-2016-7663 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 7.5 |
2017-02-20 | CVE-2016-7630 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 7.5 |
2017-02-22 | CVE-2014-4677 | Gpgtools | Command Injection vulnerability in Gpgtools Libmacgpg 0.6 The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument. | 7.2 |
2017-02-20 | CVE-2016-7661 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and mac OS X An issue was discovered in certain Apple products. | 7.2 |
2017-02-20 | CVE-2016-7660 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 7.2 |
2017-02-20 | CVE-2016-7637 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 7.2 |
2017-02-20 | CVE-2016-7633 | Apple | Use After Free vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 7.2 |
2017-02-20 | CVE-2016-7621 | Apple | Use After Free vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 7.2 |
2017-02-20 | CVE-2016-4669 | Apple | Improper Input Validation vulnerability in Apple products An issue was discovered in certain Apple products. | 7.2 |
167 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-02-24 | CVE-2017-2791 | Justsystems | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Justsystems Ichitaro 2016 JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. | 6.8 |
2017-02-24 | CVE-2016-2226 | GNU | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Libiberty Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. | 6.8 |
2017-02-24 | CVE-2016-9975 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Dashboard Application Services HUB 3.1.2.1/3.1.3 IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
2017-02-24 | CVE-2017-6310 | Tnef Project Debian | Out-of-bounds Read vulnerability in multiple products An issue was discovered in tnef before 1.4.13. | 6.8 |
2017-02-24 | CVE-2017-6309 | Tnef Project Debian | Out-of-bounds Read vulnerability in multiple products An issue was discovered in tnef before 1.4.13. | 6.8 |
2017-02-24 | CVE-2017-6308 | Tnef Project Debian | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in tnef before 1.4.13. | 6.8 |
2017-02-24 | CVE-2017-6307 | Tnef Project Debian | Out-of-bounds Write vulnerability in multiple products An issue was discovered in tnef before 1.4.13. | 6.8 |
2017-02-22 | CVE-2017-2684 | Siemens | Authentication Bypass vulnerability in Siemens Simatic Logon 1.5 Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. | 6.8 |
2017-02-21 | CVE-2017-6127 | Digisol | Cross-Site Request Forgery (CSRF) vulnerability in Digisol Dg-Hr1400 Firmware 1.00.02 Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi. | 6.8 |
2017-02-21 | CVE-2017-5881 | Gomlab | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gomlab GOM Player 2.3.10.5266 GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file. | 6.8 |
2017-02-20 | CVE-2017-2374 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Garageband An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2017-2373 | Apple Webkitgtk | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2017-2372 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Garageband and Logic PRO X An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2017-2369 | Apple Webkitgtk | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2017-2366 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2017-2362 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple TV, Iphone OS and Safari An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2017-2356 | Apple Webkitgtk | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2017-2355 | Apple Webkitgtk | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2017-2354 | Apple Webkitgtk | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7742 | Apple | Improper Input Validation vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7659 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7658 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7656 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7655 | Apple | Incorrect Type Conversion or Cast vulnerability in Apple Iphone OS and mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7654 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7652 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7649 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7648 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7646 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7645 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7642 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7641 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7640 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7639 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7635 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7632 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7626 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Tvos and Watchos An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7622 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7618 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7611 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7610 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7595 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7594 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7589 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7588 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7587 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7584 | Apple | 7PK - Security Features vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-7578 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-4764 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-4692 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-4691 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-4688 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X, Tvos and Watchos An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-4683 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-4681 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-4677 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-4673 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-4667 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-02-20 | CVE-2016-4666 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-02-22 | CVE-2017-5585 | Opentext | Injection vulnerability in Opentext Documentum Content Server 7.3 OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. | 6.5 |
2017-02-22 | CVE-2017-3835 | Cisco | SQL Injection vulnerability in Cisco Identity Services Engine Software 1.4(0.908) A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. | 6.5 |
2017-02-21 | CVE-2017-6098 | Mail Masta Project | SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0 A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. | 6.5 |
2017-02-21 | CVE-2017-6097 | Mail Masta Project | SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0 A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. | 6.5 |
2017-02-21 | CVE-2017-6096 | Mail Masta Project | SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0 A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. | 6.5 |
2017-02-24 | CVE-2016-8998 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. | 6.0 |
2017-02-22 | CVE-2017-3840 | Cisco | Open Redirect vulnerability in Cisco Secure Access Control System 5.8(2.5) A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. | 5.8 |
2017-02-20 | CVE-2016-7643 | Apple | Out-of-bounds Read vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 5.8 |
2017-02-20 | CVE-2016-4743 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 5.8 |
2017-02-20 | CVE-2016-4682 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 5.8 |
2017-02-20 | CVE-2016-4660 | Apple | Information Exposure vulnerability in Apple products An issue was discovered in certain Apple products. | 5.8 |
2017-02-24 | CVE-2017-6299 | Ytnef Project Debian | Infinite Loop vulnerability in multiple products An issue was discovered in ytnef before 1.9.1. | 5.5 |
2017-02-22 | CVE-2017-3837 | Cisco | Improper Input Validation vulnerability in Cisco Meeting Server An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. | 5.5 |
2017-02-24 | CVE-2016-4042 | Plone | Information Exposure vulnerability in Plone Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors. | 5.0 |
2017-02-23 | CVE-2017-6100 | Tcpdf Project | Exposure of Resource to Wrong Sphere vulnerability in Tcpdf Project Tcpdf tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | 5.0 |
2017-02-23 | CVE-2017-6214 | Linux | Infinite Loop vulnerability in Linux Kernel The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. | 5.0 |
2017-02-23 | CVE-2017-6206 | Dlink | Information Exposure vulnerability in Dlink Websmart Dgs-1510 Series Firmware D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors. | 5.0 |
2017-02-22 | CVE-2017-3842 | Cisco | Information Exposure vulnerability in Cisco Intrusion Prevention System Device Manager 7.2(1)V7 A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. | 5.0 |
2017-02-22 | CVE-2017-3841 | Cisco | Information Exposure vulnerability in Cisco Secure Access Control System 5.8(2.5) A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. | 5.0 |
2017-02-22 | CVE-2017-3830 | Cisco | Improper Input Validation vulnerability in Cisco Meeting Server 2.1.0 A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. | 5.0 |
2017-02-22 | CVE-2017-3827 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. | 5.0 |
2017-02-21 | CVE-2015-4057 | Dell | Information Exposure vulnerability in Dell VCE Vision Intelligent Operations 2.5/2.6/2.6.4 The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network. | 5.0 |
2017-02-21 | CVE-2017-6072 | Cmsmadesimple | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin. | 5.0 |
2017-02-21 | CVE-2017-6071 | Cmsmadesimple | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml. | 5.0 |
2017-02-20 | CVE-2016-7667 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and mac OS X An issue was discovered in certain Apple products. | 5.0 |
2017-02-20 | CVE-2016-7662 | Apple | Improper Certificate Validation vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 5.0 |
2017-02-20 | CVE-2016-4693 | Apple | Inadequate Encryption Strength vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 5.0 |
2017-02-20 | CVE-2016-4689 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 5.0 |
2017-02-20 | CVE-2016-7615 | Apple | Multiple Security vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 4.9 |
2017-02-20 | CVE-2016-7609 | Apple | NULL Pointer Dereference vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.9 |
2017-02-20 | CVE-2016-7604 | Apple | NULL Pointer Dereference vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.9 |
2017-02-20 | CVE-2016-7603 | Apple | NULL Pointer Dereference vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.9 |
2017-02-24 | CVE-2017-5669 | Linux | Improper Input Validation vulnerability in Linux Kernel The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. | 4.6 |
2017-02-20 | CVE-2016-7651 | Apple | Improper Authorization vulnerability in Apple Iphone OS and Watchos An issue was discovered in certain Apple products. | 4.6 |
2017-02-20 | CVE-2016-7601 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.6 |
2017-02-20 | CVE-2016-7583 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Icloud 5.2.1/6.0 An issue was discovered in certain Apple products. | 4.6 |
2017-02-20 | CVE-2016-4781 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.6 |
2017-02-20 | CVE-2016-4690 | Apple | Improper Input Validation vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.6 |
2017-02-20 | CVE-2016-4678 | Apple | NULL Pointer Dereference vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.6 |
2017-02-20 | CVE-2016-4674 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.6 |
2017-02-20 | CVE-2016-4617 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.6 |
2017-02-24 | CVE-2016-5027 | Libdwarf Project | NULL Pointer Dereference vulnerability in Libdwarf Project Libdwarf 20160115 dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file. | 4.3 |
2017-02-24 | CVE-2016-4493 | GNU | Out-of-bounds Read vulnerability in GNU Libiberty The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary. | 4.3 |
2017-02-24 | CVE-2016-4492 | GNU | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Libiberty Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary. | 4.3 |
2017-02-24 | CVE-2016-4491 | GNU | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Libiberty The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once." | 4.3 |
2017-02-24 | CVE-2016-4490 | GNU | Integer Overflow or Wraparound vulnerability in GNU Libiberty Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths. | 4.3 |
2017-02-24 | CVE-2016-4489 | GNU | Integer Overflow or Wraparound vulnerability in GNU Libiberty Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables." | 4.3 |
2017-02-24 | CVE-2016-4488 | GNU | Use After Free vulnerability in GNU Libiberty Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec." | 4.3 |
2017-02-24 | CVE-2016-4487 | GNU | Use After Free vulnerability in GNU Libiberty Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec." | 4.3 |
2017-02-24 | CVE-2017-6197 | Radare | NULL Pointer Dereference vulnerability in Radare Radare2 1.2.1 The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function. | 4.3 |
2017-02-24 | CVE-2017-6099 | Paypal | Cross-site Scripting vulnerability in Paypal Merchant-Sdk-PHP 3.9.1 Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter. | 4.3 |
2017-02-24 | CVE-2014-9916 | Bilboplanet | Cross-site Scripting vulnerability in Bilboplanet 2.0 Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php. | 4.3 |
2017-02-23 | CVE-2016-5883 | IBM | Cross-site Scripting vulnerability in IBM Inotes IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. | 4.3 |
2017-02-22 | CVE-2016-3052 | IBM | Information Exposure vulnerability in IBM Websphere MQ Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. | 4.3 |
2017-02-22 | CVE-2016-9910 | Html5Lib | Cross-site Scripting vulnerability in Html5Lib The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909. | 4.3 |
2017-02-22 | CVE-2016-9909 | Html5Lib | Cross-site Scripting vulnerability in Html5Lib The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values. | 4.3 |
2017-02-22 | CVE-2017-3845 | Cisco | Cross-site Scripting vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
2017-02-22 | CVE-2017-3838 | Cisco | Cross-site Scripting vulnerability in Cisco Secure Access Control System 5.8(2.5) A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 4.3 |
2017-02-22 | CVE-2017-3833 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.99999.2) A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. | 4.3 |
2017-02-22 | CVE-2017-3829 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
2017-02-22 | CVE-2017-3828 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
2017-02-22 | CVE-2017-3821 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 10.5(2.14076.1) A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. | 4.3 |
2017-02-21 | CVE-2017-6078 | Faststone | Improper Input Validation vulnerability in Faststone Maxview 3.0/3.1 FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section. | 4.3 |
2017-02-20 | CVE-2017-0038 | Microsoft | Information Exposure vulnerability in Microsoft products gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. | 4.3 |
2017-02-20 | CVE-2017-2371 | Apple | Improper Input Validation vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2017-2368 | Apple | Improper Input Validation vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2017-2365 | Apple Webkitgtk | Information Exposure vulnerability in multiple products An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2017-2364 | Apple | Information Exposure vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2017-2363 | Apple Webkitgtk | Information Exposure vulnerability in multiple products An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2017-2361 | Apple | Cross-site Scripting vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2017-2359 | Apple | Address Bar Spoofing vulnerability in Apple Safari An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2017-2357 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2017-2350 | Apple Webkitgtk | Information Exposure vulnerability in multiple products An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7762 | Apple | Cross-site Scripting vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7666 | Apple | Information Exposure vulnerability in Apple Transporter 1.9.1 An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7665 | Apple | Improper Input Validation vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7657 | Apple | Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7636 | Apple | Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7627 | Apple | NULL Pointer Dereference vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7623 | Apple | Information Exposure vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7607 | Apple | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7605 | Apple | NULL Pointer Dereference vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7599 | Apple | Information Exposure vulnerability in Apple products An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7598 | Apple | Information Exposure vulnerability in Apple products An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7592 | Apple | Information Exposure vulnerability in Apple products An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7586 | Apple | Information Exposure vulnerability in Apple products An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7581 | Apple | Improper Input Validation vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7580 | Apple | Improper Input Validation vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7579 | Apple | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-7577 | Apple | Information Exposure vulnerability in Apple Iphone OS and mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-4721 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS and mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-4685 | Apple | Inadequate Encryption Strength vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-4680 | Apple | Information Exposure vulnerability in Apple Iphone OS, Tvos and Watchos An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-4679 | Apple | Link Following vulnerability in Apple products An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-4665 | Apple | Information Exposure vulnerability in Apple Iphone OS, Tvos and Watchos An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-4664 | Apple | Information Exposure vulnerability in Apple Iphone OS, Tvos and Watchos An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-4663 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-4661 | Apple | Improper Input Validation vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-02-20 | CVE-2016-4613 | Apple | Information Exposure vulnerability in Apple products An issue was discovered in certain Apple products. | 4.3 |
2017-02-24 | CVE-2016-9009 | IBM | Improper Input Validation vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. | 4.0 |
2017-02-22 | CVE-2016-8986 | IBM | Improper Access Control vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. | 4.0 |
2017-02-22 | CVE-2016-8915 | IBM | Improper Access Control vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. | 4.0 |
2017-02-22 | CVE-2016-3013 | IBM | Data Processing Errors vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. | 4.0 |
2017-02-22 | CVE-2017-3844 | Cisco | Improper Input Validation vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0 A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. | 4.0 |
2017-02-22 | CVE-2017-3843 | Cisco | Improper Input Validation vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0 A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. | 4.0 |
2017-02-22 | CVE-2017-3839 | Cisco | XXE vulnerability in Cisco Secure Access Control System 5.8(2.5) An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. | 4.0 |
2017-02-22 | CVE-2017-3836 | Cisco | Information Exposure vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2) A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. | 4.0 |
2017-02-21 | CVE-2016-9315 | Trendmicro | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. | 4.0 |
2017-02-21 | CVE-2016-9314 | Trendmicro | Information Exposure vulnerability in Trendmicro Interscan web Security Virtual Appliance Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to back up the system configuration and download it onto their local machine. | 4.0 |
33 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-02-20 | CVE-2016-4686 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 3.6 |
2017-02-24 | CVE-2016-4043 | Plone | Permissions, Privileges, and Access Controls vulnerability in Plone Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. | 3.5 |
2017-02-23 | CVE-2016-6055 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 3.5 |
2017-02-22 | CVE-2017-3847 | Cisco | Cross-site Scripting vulnerability in Cisco Firepower Management Center 6.2.1 A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. | 3.5 |
2017-02-21 | CVE-2016-9316 | Trendmicro | Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. | 3.5 |
2017-02-20 | CVE-2016-7650 | Apple | Cross-site Scripting vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 2.6 |
2017-02-24 | CVE-2017-6076 | Wolfssl | Information Exposure vulnerability in Wolfssl In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine. | 2.1 |
2017-02-22 | CVE-2016-9384 | XEN | Information Exposure vulnerability in XEN 4.7.0/4.7.1 Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table. | 2.1 |
2017-02-22 | CVE-2016-9378 | XEN | Improper Access Control vulnerability in XEN Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery. | 2.1 |
2017-02-22 | CVE-2016-9377 | XEN | Incorrect Calculation vulnerability in XEN Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation. | 2.1 |
2017-02-21 | CVE-2015-4056 | Dell | Cryptographic Issues vulnerability in Dell VCE Vision Intelligent Operations 2.5/2.6/2.6.4 The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access. | 2.1 |
2017-02-20 | CVE-2016-6249 | F5 | Information Exposure vulnerability in F5 products F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which time out during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. | 2.1 |
2017-02-20 | CVE-2017-2352 | Apple | Security Bypass vulnerability in Apple Iphone OS and Watchos An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2017-2351 | Apple | Improper Input Validation vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7765 | Apple | Information Exposure vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7761 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7759 | Apple | Information Exposure vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7714 | Apple | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7664 | Apple | Information Exposure vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7653 | Apple | Information Exposure vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7638 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7634 | Apple | Information Exposure vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7628 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7625 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7624 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7620 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7619 | Apple | Link Following vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7614 | Apple | Information Exposure vulnerability in Apple Icloud 5.2.1/6.0/6.0.1 An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7608 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7600 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-7597 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-02-20 | CVE-2016-4670 | Apple | Credentials Management vulnerability in Apple Iphone OS and mac OS X An issue was discovered in certain Apple products. | 2.1 |
2017-02-22 | CVE-2017-6188 | Munin Monitoring Debian | Improper Input Validation vulnerability in multiple products Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. | 1.9 |