Weekly Vulnerabilities Reports > March 6 to 12, 2017

Overview

262 new vulnerabilities reported during this period, including 51 critical vulnerabilities and 63 high severity vulnerabilities. This weekly summary report vulnerabilities in 117 products from 80 vendors including Linux, Google, IBM, Debian, and Openbsd. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "SQL Injection".

  • 240 reported vulnerabilities are remotely exploitables.
  • 22 reported vulnerabilities have public exploit available.
  • 82 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 231 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 48 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 22 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

51 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-12 CVE-2017-5626 Oneplus Unspecified vulnerability in Oneplus Oxygenos

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset.

10.0
2017-03-12 CVE-2017-5624 Oneplus Improper Privilege Management vulnerability in Oneplus Oxygenos

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T.

10.0
2017-03-10 CVE-2017-5859 Cambiumnetworks Unspecified vulnerability in Cambiumnetworks Cnpilot R200 Series Firmware

On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vulnerability involving the certificate of the device and its RSA keys, aka RBN-183.

10.0
2017-03-10 CVE-2017-2788 Pharos Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pharos Popup 9.0

A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0.

10.0
2017-03-10 CVE-2017-2785 Pharos Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pharos Popup 9.0

An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0.

10.0
2017-03-09 CVE-2017-6526 Dnatools Improper Authentication vulnerability in Dnatools Dnalims 42015S13

An issue was discovered in dnaTools dnaLIMS 4-2015s13.

10.0
2017-03-09 CVE-2017-6548 Asus Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Asus Rt-Ac53 Firmware 3.0.0.4.380.6038

Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages.

10.0
2017-03-08 CVE-2017-5178 Schneider Electric Insecure Default Initialization of Resource vulnerability in Schneider-Electric products

An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior.

10.0
2017-03-11 CVE-2017-5638 Apache
IBM
Lenovo
HP
Oracle
Arubanetworks
Netapp
Improper Handling of Exceptional Conditions vulnerability in multiple products

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

9.8
2017-03-07 CVE-2017-3159 Apache Deserialization of Untrusted Data vulnerability in Apache Camel

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability.

9.8
2017-03-11 CVE-2017-6466 F Secure Improper Input Validation vulnerability in F-Secure Software Updater 2.20

F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download.

9.3
2017-03-10 CVE-2017-6798 Trendmicro Untrusted Search Path vulnerability in Trendmicro Endpoint Sensor 1.6

Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208.

9.3
2017-03-10 CVE-2017-2787 Pharos Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pharos Popup 9.0

A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0.

9.3
2017-03-09 CVE-2017-6432 Dahuasecurity Cleartext Transmission of Sensitive Information vulnerability in Dahuasecurity NVR Firmware 3.210.0001.10

An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices.

9.3
2017-03-09 CVE-2017-6549 Asus Improper Authentication vulnerability in Asus Rt-Ac53 Firmware 3.0.0.4.380.6038

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers.

9.3
2017-03-08 CVE-2017-0528 Linux Privilege Escalation vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to to execute code in the context of a privileged process.

9.3
2017-03-08 CVE-2017-0522 Google Privilege Escalation vulnerability in Google Android MediaTek APK

An elevation of privilege vulnerability in a MediaTek APK could enable a local malicious application to execute arbitrary code within the context of a privileged process.

9.3
2017-03-08 CVE-2017-0510 Linux Privilege Escalation vulnerability in Linux Kernel 3.10

An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0509 Google Privilege Escalation vulnerability in Google Android Broadcom Wi-Fi Driver

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0508 Linux Privilege Escalation vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0507 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0506 Google Privilege Escalation vulnerability in Google Android MediaTek Components

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0505 Google Privilege Escalation vulnerability in Google Android MediaTek Components

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0504 Google Privilege Escalation vulnerability in Google Android MediaTek Components

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0503 Google Privilege Escalation vulnerability in Google Android MediaTek Components

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0502 Google Privilege Escalation vulnerability in Google Android MediaTek Components

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0501 Google Privilege Escalation vulnerability in Google Android MediaTek Components

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0500 Google Privilege Escalation vulnerability in Google Android MediaTek Components

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0481 Google Classic Buffer Overflow vulnerability in Google Android

An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process.

9.3
2017-03-08 CVE-2017-0480 Google Privilege Escalation vulnerability in Google Android Audioserver

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process.

9.3
2017-03-08 CVE-2017-0479 Google Privilege Escalation vulnerability in Google Android Audioserver

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process.

9.3
2017-03-08 CVE-2017-0475 Google Improper Input Validation vulnerability in Google Android

An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0474 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 7.0/7.1.0/7.1.1

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-03-08 CVE-2017-0473 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-03-08 CVE-2017-0472 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-03-08 CVE-2017-0471 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-03-08 CVE-2017-0470 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-03-08 CVE-2017-0469 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-03-08 CVE-2017-0468 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-03-08 CVE-2017-0467 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-03-08 CVE-2017-0466 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-03-08 CVE-2017-0455 Linux Information Exposure vulnerability in Linux Kernel 3.18

An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader.

9.3
2017-03-08 CVE-2017-0338 Linux Privilege Escalation vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0337 Linux Privilege Escalation vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0335 Linux Privilege Escalation vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0333 Linux Privilege Escalation vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0307 Linux Integer Overflow or Wraparound vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2017-0306 Linux Classic Buffer Overflow vulnerability in Linux Kernel 3.10

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-08 CVE-2016-8479 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-03-06 CVE-2017-6351 Wepresent Use of Hard-coded Credentials vulnerability in Wepresent Wipg-1500 Firmware 1.0.3.7

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password.

9.3
2017-03-07 CVE-2016-9726 IBM Improper Input Validation vulnerability in IBM products

IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system.

9.0

63 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-11 CVE-2010-4314 Novell Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Novell Iprint

Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter.

8.8
2017-03-10 CVE-2016-8714 R Project
Debian
Classic Buffer Overflow vulnerability in multiple products

An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0.

8.8
2017-03-06 CVE-2017-6411 Dlink Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dsl-2730U Firmware In1.00

Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.

8.8
2017-03-06 CVE-2017-6334 Netgear OS Command Injection vulnerability in Netgear Dgn2200 Series Firmware 10.0.0.50

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.

8.8
2017-03-07 CVE-2016-9727 IBM Improper Input Validation vulnerability in IBM products

IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system.

8.5
2017-03-06 CVE-2017-5633 D Link Cross-Site Request Forgery (CSRF) vulnerability in D-Link Di-524 Firmware 9.01

Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs.

8.0
2017-03-12 CVE-2017-6444 Mikrotik Resource Exhaustion vulnerability in Mikrotik Routeros 6.25

The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets.

7.8
2017-03-09 CVE-2017-6552 Sagemcom Resource Exhaustion vulnerability in Sagemcom Livebox Firmware 5.15.8.1

Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes.

7.8
2017-03-07 CVE-2016-9740 IBM Resource Management Errors vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor.

7.8
2017-03-07 CVE-2016-6244 Openbsd Improper Input Validation vulnerability in Openbsd 5.9

The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value.

7.8
2017-03-08 CVE-2017-0527 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0526 Linux Privilege Escalation vulnerability in Linux Kernel 3.10

An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0525 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0524 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0523 Linux
Google
Privilege Escalation vulnerability in Linux Kernel

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0521 Linux Integer Overflow or Wraparound vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0520 Linux Classic Buffer Overflow vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0519 Linux Privilege Escalation vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0518 Linux Privilege Escalation vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0517 Google Privilege Escalation vulnerability in Google Android MediaTek Hardware Sensor Driver

An elevation of privilege vulnerability in the MediaTek hardware sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0516 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm input hardware driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0464 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0463 Linux Improper Input Validation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0460 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0458 Linux Improper Input Validation vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0457 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0456 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2017-0453 Linux Out-of-bounds Write vulnerability in Linux Kernel 3.10

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-08 CVE-2016-8417 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-03-10 CVE-2017-6802 Ytnef Project
Debian
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in ytnef before 1.9.2.

7.5
2017-03-10 CVE-2017-6801 Ytnef Project
Debian
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in ytnef before 1.9.2.

7.5
2017-03-10 CVE-2017-6800 Ytnef Project
Debian
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in ytnef before 1.9.2.

7.5
2017-03-10 CVE-2017-6506 Azure DEX Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Azure DEX Data Expert Ultimate 2.2.16

In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution.

7.5
2017-03-10 CVE-2017-2786 Pharos Out-of-bounds Read vulnerability in Pharos Popup 9.0

A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0.

7.5
2017-03-10 CVE-2017-6311 Gnome
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.

7.5
2017-03-10 CVE-2017-6465 Ftpshell Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ftpshell Client 6.53

Remote Code Execution was discovered in FTPShell Client 6.53.

7.5
2017-03-07 CVE-2016-9724 IBM XXE vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.

7.5
2017-03-07 CVE-2016-9087 Exponentcms SQL Injection vulnerability in Exponentcms Exponent CMS

SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.

7.5
2017-03-07 CVE-2016-9020 Exponentcms SQL Injection vulnerability in Exponentcms Exponent CMS

SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.

7.5
2017-03-07 CVE-2016-9019 Exponentcms SQL Injection vulnerability in Exponentcms Exponent CMS

SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.

7.5
2017-03-07 CVE-2016-8863 Libupnp Project
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.

7.5
2017-03-07 CVE-2016-7789 Exponentcms SQL Injection vulnerability in Exponentcms Exponent CMS

SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter.

7.5
2017-03-07 CVE-2016-7788 Exponentcms SQL Injection vulnerability in Exponentcms Exponent CMS

SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2017-03-07 CVE-2016-7784 Exponentcms SQL Injection vulnerability in Exponentcms Exponent CMS

SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.

7.5
2017-03-07 CVE-2016-7783 Exponentcms SQL Injection vulnerability in Exponentcms Exponent CMS

SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

7.5
2017-03-07 CVE-2016-7782 Exponentcms SQL Injection vulnerability in Exponentcms Exponent CMS

SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter.

7.5
2017-03-07 CVE-2016-7781 Exponentcms SQL Injection vulnerability in Exponentcms Exponent CMS

SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter.

7.5
2017-03-07 CVE-2016-7780 Exponentcms SQL Injection vulnerability in Exponentcms Exponent CMS

SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.

7.5
2017-03-07 CVE-2016-7145 Nefarious2 Project Improper Authentication vulnerability in Nefarious2 Project Nefarious2 2.0

The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.

7.5
2017-03-06 CVE-2017-6416 Flexense Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Sysgauge 1.5.18

An issue was discovered in SysGauge 1.5.18.

7.5
2017-03-07 CVE-2016-6241 Openbsd Integer Overflow or Wraparound vulnerability in Openbsd 5.8/5.9

Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.

7.2
2017-03-07 CVE-2016-6240 Openbsd Numeric Errors vulnerability in Openbsd 5.8/5.9

Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.

7.2
2017-03-10 CVE-2017-6313 Gnome
Fedoraproject
Debian
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.

7.1
2017-03-08 CVE-2017-0499 Google Improper Input Validation vulnerability in Google Android

A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot.

7.1
2017-03-08 CVE-2017-0488 Google Improper Input Validation vulnerability in Google Android

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1
2017-03-08 CVE-2017-0487 Google Denial of Service vulnerability in Google Android Mediaserver

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1
2017-03-08 CVE-2017-0486 Google Denial of Service vulnerability in Google Android Mediaserver

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1
2017-03-08 CVE-2017-0485 Google Denial of Service vulnerability in Google Android Mediaserver

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1
2017-03-08 CVE-2017-0484 Google Improper Input Validation vulnerability in Google Android

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1
2017-03-08 CVE-2017-0483 Google Improper Input Validation vulnerability in Google Android

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1
2017-03-08 CVE-2017-0482 Google Denial of Service vulnerability in Google Android Mediaserver

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1
2017-03-07 CVE-2017-2636 Linux
Debian
Double Free vulnerability in multiple products

Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.

7.0
2017-03-07 CVE-2016-10200 Linux
Google
Use After Free vulnerability in multiple products

Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.

7.0

121 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-09 CVE-2017-6590 Canonical Incorrect Authorization vulnerability in Canonical Ubuntu Linux

An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10.

6.9
2017-03-09 CVE-2017-6529 Dnatools Insufficient Session Expiration vulnerability in Dnatools Dnalims 42015S13

An issue was discovered in dnaTools dnaLIMS 4-2015s13.

6.8
2017-03-08 CVE-2017-0478 Google Remote Code Execution vulnerability in Google Android Framesequence Library

A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process.

6.8
2017-03-08 CVE-2017-0477 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 7.0/7.1.0/7.1.1

A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process.

6.8
2017-03-08 CVE-2017-0476 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

6.8
2017-03-07 CVE-2016-9693 IBM Improper Input Validation vulnerability in IBM Business Process Manager and Websphere

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks.

6.8
2017-03-07 CVE-2016-8971 IBM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Websphere MQ

IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations.

6.8
2017-03-06 CVE-2016-10244 Freetype
Debian
Out-of-bounds Read vulnerability in multiple products

The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.

6.8
2017-03-12 CVE-2017-6823 Fiyo Authentication Bypass by Capture-replay vulnerability in Fiyo CMS 2.0.6.1

Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.

6.5
2017-03-11 CVE-2017-6513 Softaculous Permission Issues vulnerability in Softaculous Whmcs Reseller Module 2.0.2

The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.

6.5
2017-03-09 CVE-2017-6578 Mail Masta Project SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.

6.5
2017-03-09 CVE-2017-6577 Mail Masta Project SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.

6.5
2017-03-09 CVE-2017-6576 Mail Masta Project SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.

6.5
2017-03-09 CVE-2017-6575 Mail Masta Project SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.

6.5
2017-03-09 CVE-2017-6574 Mail Masta Project SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.

6.5
2017-03-09 CVE-2017-6573 Mail Masta Project SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.

6.5
2017-03-09 CVE-2017-6572 Mail Masta Project SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.

6.5
2017-03-09 CVE-2017-6571 Mail Masta Project SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.

6.5
2017-03-09 CVE-2017-6570 Mail Masta Project SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.

6.5
2017-03-07 CVE-2016-9729 IBM Improper Authentication vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.

6.4
2017-03-08 CVE-2017-6543 Tenable
Microsoft
Unspecified vulnerability in Tenable Appliance and Nessus

Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system.

6.0
2017-03-12 CVE-2017-6815 Wordpress
Debian
Improper Input Validation vulnerability in Wordpress

In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.

5.8
2017-03-07 CVE-2016-7137 Plone Open Redirect vulnerability in Plone

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.

5.8
2017-03-12 CVE-2017-6816 Wordpress
Debian
Incorrect Authorization vulnerability in Wordpress

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.

5.5
2017-03-10 CVE-2017-6314 Gnome
Fedoraproject
Debian
Infinite Loop vulnerability in multiple products

The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

5.5
2017-03-10 CVE-2017-6312 Gnome
Fedoraproject
Debian
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

5.5
2017-03-08 CVE-2017-0497 Google Denial of Service vulnerability in Google Android 7.0/7.1.0/7.1.1

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

5.4
2017-03-10 CVE-2017-6427 Evostream Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Evostream Media Server 1.7.1

A Buffer Overflow was discovered in EvoStream Media Server 1.7.1.

5.0
2017-03-10 CVE-2017-5872 Unisys Improper Input Validation vulnerability in Unisys Clearpath MCP 57.1/58.1/59.1

The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to cause a denial of service (network connectivity disruption) via a client hello with a signature_algorithms extension above those defined in RFC 5246, which triggers a full memory dump.

5.0
2017-03-10 CVE-2015-2330 Webkitgtk Improper Certificate Validation vulnerability in Webkitgtk

Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.

5.0
2017-03-10 CVE-2017-4960 Pivotal Software
Cloudfoundry
An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26.
5.0
2017-03-09 CVE-2017-6527 Dnatools Path Traversal vulnerability in Dnatools Dnalims 42015S13

An issue was discovered in dnaTools dnaLIMS 4-2015s13.

5.0
2017-03-09 CVE-2017-6558 Iball Use of Hard-coded Credentials vulnerability in Iball Ib-Wra150N Firmware 1.2.6

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file.

5.0
2017-03-07 CVE-2017-5681 Intel Unspecified vulnerability in Intel Quickassist Technology Engine 0.5.18

The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.

5.0
2017-03-07 CVE-2016-9728 IBM SQL Injection vulnerability in IBM Qradar Security Information and Event Manager

IBM Qradar 7.2 is vulnerable to SQL injection.

5.0
2017-03-07 CVE-2016-9725 IBM Information Exposure vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them.

5.0
2017-03-07 CVE-2016-9720 IBM Information Exposure vulnerability in IBM products

IBM QRadar 7.2 discloses sensitive information to unauthorized users.

5.0
2017-03-07 CVE-2016-9643 Webkit Resource Exhaustion vulnerability in Webkit 2.4.11

The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).

5.0
2017-03-07 CVE-2016-6255 Debian
Libupnp Project
Improper Access Control vulnerability in multiple products

Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.

5.0
2017-03-07 CVE-2016-4950 Cloudera Information Exposure vulnerability in Cloudera Manager

Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions.

5.0
2017-03-07 CVE-2016-4949 Cloudera Information Exposure vulnerability in Cloudera Manager

Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs.

5.0
2017-03-07 CVE-2016-4947 Cloudera Information Exposure vulnerability in Cloudera HUE

Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.

5.0
2017-03-07 CVE-2016-9164 CA Path Traversal vulnerability in CA Unified Infrastructure Management

Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2017-03-06 CVE-2017-5999 Syspass Inadequate Encryption Strength vulnerability in Syspass 2.0

An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers.

5.0
2017-03-06 CVE-2017-6497 Imagemagick NULL Pointer Dereference vulnerability in Imagemagick 6.9.7

An issue was discovered in ImageMagick 6.9.7.

5.0
2017-03-08 CVE-2016-5933 IBM 7PK - Security Features vulnerability in IBM Tivoli Monitoring

IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass.

4.9
2017-03-07 CVE-2016-6522 Openbsd Integer Overflow or Wraparound vulnerability in Openbsd 5.9

Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping.

4.9
2017-03-07 CVE-2016-6350 Openbsd NULL Pointer Dereference vulnerability in Openbsd 5.8/5.9

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9.

4.9
2017-03-07 CVE-2016-6247 Openbsd Improper Input Validation vulnerability in Openbsd 5.8/5.9

OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist.

4.9
2017-03-07 CVE-2016-6246 Openbsd Improper Input Validation vulnerability in Openbsd 5.8/5.9

OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node.

4.9
2017-03-07 CVE-2016-6245 Openbsd Memory Corruption and Denial of Service vulnerability in Openbsd 5.8/5.9

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.

4.9
2017-03-07 CVE-2016-6243 Openbsd Improper Input Validation vulnerability in Openbsd 5.8/5.9

thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.

4.9
2017-03-07 CVE-2016-6242 Openbsd Numeric Errors vulnerability in Openbsd 5.8/5.9

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.

4.9
2017-03-07 CVE-2016-6239 Openbsd Improper Input Validation vulnerability in Openbsd 5.8/5.9

The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.

4.9
2017-03-12 CVE-2017-6820 Roundcube Cross-site Scripting vulnerability in Roundcube Webmail

rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.

4.3
2017-03-12 CVE-2017-6819 Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wordpress

In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources.

4.3
2017-03-12 CVE-2017-6818 Wordpress Cross-site Scripting vulnerability in Wordpress

In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.

4.3
2017-03-11 CVE-2017-6812 Mangoswebv4 Project Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8

paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter).

4.3
2017-03-11 CVE-2017-6811 Mangoswebv4 Project Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8

paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter).

4.3
2017-03-11 CVE-2017-6810 Mangoswebv4 Project Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8

paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter).

4.3
2017-03-11 CVE-2017-6809 Mangoswebv4 Project Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8

paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter).

4.3
2017-03-11 CVE-2017-6808 Mangoswebv4 Project Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8

paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter).

4.3
2017-03-10 CVE-2017-6799 Mantisbt Cross-site Scripting vulnerability in Mantisbt

A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.

4.3
2017-03-10 CVE-2017-6596 Partclone Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Partclone Project Partclone 0.2.89

partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header.

4.3
2017-03-10 CVE-2017-6797 Mantisbt Cross-site Scripting vulnerability in Mantisbt

A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.

4.3
2017-03-09 CVE-2017-6591 Django Epiceditor Project Cross-site Scripting vulnerability in Django-Epiceditor Project Django-Epiceditor 0.2.3

There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field.

4.3
2017-03-09 CVE-2017-6589 Epiceditor Project Cross-site Scripting vulnerability in Epiceditor Project Epiceditor

EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration.

4.3
2017-03-09 CVE-2017-6528 Dnatools Insufficiently Protected Credentials vulnerability in Dnatools Dnalims 42015S13

An issue was discovered in dnaTools dnaLIMS 4-2015s13.

4.3
2017-03-09 CVE-2017-6562 Agora Project Cross-site Scripting vulnerability in Agora-Project 3.2.2

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack.

4.3
2017-03-09 CVE-2017-6561 Agora Project Cross-site Scripting vulnerability in Agora-Project 3.2.2

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.

4.3
2017-03-09 CVE-2017-6560 Agora Project Cross-site Scripting vulnerability in Agora-Project 3.2.2

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.

4.3
2017-03-09 CVE-2017-6559 Agora Project Cross-site Scripting vulnerability in Agora-Project 3.2.2

XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack.

4.3
2017-03-09 CVE-2017-6547 Asus Cross-site Scripting vulnerability in Asus Rt-Ac53 Firmware 3.0.0.4.380.6038

Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488 allows remote attackers to inject arbitrary JavaScript by requesting filenames longer than 50 characters.

4.3
2017-03-08 CVE-2017-6544 Wuhu Project Cross-site Scripting vulnerability in Wuhu Project Wuhu

Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/www_admin/users.php (id parameter).

4.3
2017-03-08 CVE-2017-6541 Webpagetest Project Cross-site Scripting vulnerability in Webpagetest Project Webpagetest 3.0

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0.

4.3
2017-03-08 CVE-2017-6540 Webpagetest Project Cross-site Scripting vulnerability in Webpagetest Project Webpagetest 3.0

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0.

4.3
2017-03-08 CVE-2017-6539 Webpagetest Project Cross-site Scripting vulnerability in Webpagetest Project Webpagetest 3.0

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0.

4.3
2017-03-08 CVE-2017-6538 Webpagetest Project Cross-site Scripting vulnerability in Webpagetest Project Webpagetest 3.0

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0.

4.3
2017-03-08 CVE-2017-6537 Webpagetest Project Cross-site Scripting vulnerability in Webpagetest Project Webpagetest 3.0

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0.

4.3
2017-03-08 CVE-2017-6536 Webpagetest Project Cross-site Scripting vulnerability in Webpagetest Project Webpagetest 3.0

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0.

4.3
2017-03-08 CVE-2017-6535 Webpagetest Project Cross-site Scripting vulnerability in Webpagetest Project Webpagetest 3.0

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0.

4.3
2017-03-08 CVE-2017-6534 Webpagetest Project Cross-site Scripting vulnerability in Webpagetest Project Webpagetest 3.0

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0.

4.3
2017-03-08 CVE-2017-6533 Webpagetest Project Cross-site Scripting vulnerability in Webpagetest Project Webpagetest 3.0

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0.

4.3
2017-03-08 CVE-2017-0529 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels.

4.3
2017-03-08 CVE-2017-0496 Google Denial of Service vulnerability in Google Android Setup Wizard

A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device.

4.3
2017-03-08 CVE-2017-0495 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels.

4.3
2017-03-08 CVE-2017-0494 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels.

4.3
2017-03-08 CVE-2017-0492 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 7.0/7.1.0/7.1.1

An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen.

4.3
2017-03-08 CVE-2017-0491 Google Privilege Escalation vulnerability in Google Android Package Manager

An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications.

4.3
2017-03-08 CVE-2017-0490 Google Privilege Escalation vulnerability in Google Android Wi-Fi

An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data.

4.3
2017-03-08 CVE-2017-0489 Google Remote Privilege Escalation vulnerability in Google Android Location Manager

An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data.

4.3
2017-03-08 CVE-2017-0336 Linux Information Exposure vulnerability in Linux Kernel 3.18

An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels.

4.3
2017-03-08 CVE-2017-0334 Linux Information Exposure vulnerability in Linux Kernel 3.18

An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels.

4.3
2017-03-08 CVE-2016-8483 Linux Information Exposure vulnerability in Linux Kernel 3.10

An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels.

4.3
2017-03-08 CVE-2017-6518 Sanadata Cross-site Scripting vulnerability in Sanadata Sanacms 7.3

Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the txtFrom parameter.

4.3
2017-03-07 CVE-2016-9245 F5 Improper Access Control vulnerability in F5 products

In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart.

4.3
2017-03-07 CVE-2017-6511 Finecms Project Cross-site Scripting vulnerability in Finecms Project Finecms 2.1.0

andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php.

4.3
2017-03-07 CVE-2016-9730 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM products

IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

4.3
2017-03-07 CVE-2016-9723 IBM Cross-site Scripting vulnerability in IBM products

IBM QRadar 7.2 is vulnerable to cross-site scripting.

4.3
2017-03-07 CVE-2017-6509 Burgundy CMS Project Cross-site Scripting vulnerability in Burgundy-Cms Project Burgundy-Cms

Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter).

4.3
2017-03-07 CVE-2016-7140 Plone Cross-site Scripting vulnerability in Plone

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2017-03-07 CVE-2016-7139 Plone Cross-site Scripting vulnerability in Plone

Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2017-03-07 CVE-2016-7138 Plone Cross-site Scripting vulnerability in Plone

Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2017-03-07 CVE-2016-7136 Plone Cross-site Scripting vulnerability in Plone

z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.

4.3
2017-03-07 CVE-2016-4948 Cloudera Cross-site Scripting vulnerability in Cloudera Manager

Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf, or (8) Active Directory Account Prefix fields in the Kerberos wizard; or (9) classicWizard parameter to cmf/cloudera-director/redirect.

4.3
2017-03-07 CVE-2016-4946 Cloudera Cross-site Scripting vulnerability in Cloudera HUE

Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.

4.3
2017-03-07 CVE-2016-9148 CA Cross-site Scripting vulnerability in CA Service Desk Manager 12.9/14.1

Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.

4.3
2017-03-07 CVE-2016-5315 Libtiff
Debian
Out-of-bounds Read vulnerability in multiple products

The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.

4.3
2017-03-07 CVE-2016-10040 QT Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in QT Qxmlsimplereader 4.8.5

Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags.

4.3
2017-03-07 CVE-2013-5653 Artifex
Debian
Information Exposure vulnerability in multiple products

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

4.3
2017-03-07 CVE-2017-6508 GNU CRLF Injection vulnerability in GNU Wget

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

4.3
2017-03-06 CVE-2017-5197 Silverstripe Cross-site Scripting vulnerability in Silverstripe

There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2.

4.3
2017-03-06 CVE-2017-6504 Qbittorrent Improper Input Validation vulnerability in Qbittorrent

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.

4.3
2017-03-06 CVE-2017-6503 Qbittorrent Cross-site Scripting vulnerability in Qbittorrent

WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.

4.3
2017-03-06 CVE-2017-6502 Imagemagick Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 6.9.7

An issue was discovered in ImageMagick 6.9.7.

4.3
2017-03-06 CVE-2017-6501 Imagemagick NULL Pointer Dereference vulnerability in Imagemagick 6.9.7

An issue was discovered in ImageMagick 6.9.7.

4.3
2017-03-06 CVE-2017-6500 Imagemagick
Debian
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in ImageMagick 6.9.7.

4.3
2017-03-06 CVE-2017-6499 Imagemagick
Debian
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

An issue was discovered in Magick++ in ImageMagick 6.9.7.

4.3
2017-03-06 CVE-2017-6498 Imagemagick
Debian
Improper Input Validation vulnerability in multiple products

An issue was discovered in ImageMagick 6.9.7.

4.3
2017-03-07 CVE-2016-8940 IBM Information Exposure vulnerability in IBM Tivoli Storage Manager

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries.

4.0
2017-03-07 CVE-2016-7135 Plone Path Traversal vulnerability in Plone

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a ..

4.0

27 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-12 CVE-2017-6817 Wordpress
Debian
Cross-site Scripting vulnerability in Wordpress

In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.

3.5
2017-03-12 CVE-2017-6814 Wordpress
Debian
Cross-site Scripting vulnerability in Wordpress

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata.

3.5
2017-03-09 CVE-2017-6556 Cmsmadesimple Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6

Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.

3.5
2017-03-09 CVE-2017-6555 Cmsmadesimple Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6

Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").

3.5
2017-03-08 CVE-2017-1150 IBM Improper Privilege Management vulnerability in IBM DB2 10.1/10.5/11.1

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view.

3.5
2017-03-08 CVE-2016-9006 IBM Cross-site Scripting vulnerability in IBM Urbancode Deploy

IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting.

3.5
2017-03-07 CVE-2017-1133 IBM Cross-site Scripting vulnerability in IBM products

IBM QRadar 7.2 is vulnerable to cross-site scripting.

3.5
2017-03-08 CVE-2017-0537 Linux Information Exposure vulnerability in Linux Kernel 3.18

An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-08 CVE-2017-0536 Linux Information Exposure vulnerability in Linux Kernel 3.10/3.18

An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-08 CVE-2017-0535 Linux Information Exposure vulnerability in Linux Kernel 3.10

An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-08 CVE-2017-0534 Linux Information Exposure vulnerability in Linux Kernel 3.18

An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-08 CVE-2017-0533 Linux Information Exposure vulnerability in Linux Kernel 3.18

An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-08 CVE-2017-0532 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the MediaTek video codec driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-08 CVE-2017-0531 Linux Information Exposure vulnerability in Linux Kernel 3.10/3.18

An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-08 CVE-2017-0461 Linux Information Exposure vulnerability in Linux Kernel 3.10/3.18

An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-08 CVE-2017-0459 Linux Information Exposure vulnerability in Linux Kernel 3.18

An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-08 CVE-2017-0452 Linux Information Exposure vulnerability in Linux Kernel 3.10

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-08 CVE-2016-8478 Linux Information Exposure vulnerability in Linux Kernel 3.18

An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-08 CVE-2016-8477 Linux Information Exposure vulnerability in Linux Kernel 3.10/3.18

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-08 CVE-2016-8416 Linux Information Exposure vulnerability in Linux Kernel 3.18

An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-08 CVE-2016-8413 Linux Information Exposure vulnerability in Linux Kernel 3.10/3.18

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-03-12 CVE-2014-9645 Busybox Improper Input Validation vulnerability in Busybox

The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.

2.1
2017-03-10 CVE-2017-6355 Freedesktop Integer Overflow or Wraparound vulnerability in Freedesktop Virglrenderer

Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access.

2.1
2017-03-08 CVE-2016-9985 IBM Information Exposure Through Log Files vulnerability in IBM Cognos Business Intelligence 10.1.1/10.2

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user.

2.1
2017-03-08 CVE-2017-0498 Google Denial of Service vulnerability in Google Android Setup Wizard

A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset.

2.1
2017-03-08 CVE-2016-5894 IBM Information Exposure vulnerability in IBM Websphere Commerce

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability.

1.9
2017-03-07 CVE-2017-1124 IBM Information Exposure vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection.

1.9