Weekly Vulnerabilities Reports > March 27 to April 2, 2017
Overview
397 new vulnerabilities reported during this period, including 42 critical vulnerabilities and 62 high severity vulnerabilities. This weekly summary report vulnerabilities in 464 products from 99 vendors including Apple, Huawei, Imagemagick, IBM, and Revive Adserver. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Information Exposure", and "Improper Access Control".
- 337 reported vulnerabilities are remotely exploitables.
- 48 reported vulnerabilities have public exploit available.
- 102 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 319 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 116 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 24 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
42 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-04-02 | CVE-2017-2434 | Apple | Improper Input Validation vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 10.0 |
2017-03-31 | CVE-2017-3010 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. | 10.0 |
2017-03-30 | CVE-2016-10308 | Siklu | Use of Hard-coded Credentials vulnerability in Siklu Etherhaul Firmware 6.0 Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. | 10.0 |
2017-03-30 | CVE-2016-10307 | Gotrango | Use of Hard-coded Credentials vulnerability in Gotrango products Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). | 10.0 |
2017-03-30 | CVE-2016-10306 | Trango | Use of Hard-coded Credentials vulnerability in Trango A600 Firmware Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. | 10.0 |
2017-03-30 | CVE-2016-10305 | Gotrango | Use of Hard-coded Credentials vulnerability in Gotrango products Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. | 10.0 |
2017-03-29 | CVE-2017-5226 | Projectatomic | Improper Input Validation vulnerability in Projectatomic Bubblewrap When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox. | 10.0 |
2017-03-28 | CVE-2016-10152 | Hesiod Project | Permissions, Privileges, and Access Controls vulnerability in Hesiod Project Hesiod The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache. | 10.0 |
2017-03-28 | CVE-2016-8749 | Apache | Deserialization of Untrusted Data vulnerability in Apache Camel Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. | 9.8 |
2017-03-27 | CVE-2017-6542 | Putty Opensuse Project Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow. | 9.8 |
2017-03-27 | CVE-2017-7269 | Microsoft | Classic Buffer Overflow vulnerability in Microsoft Internet Information Server 6.0 Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. | 9.8 |
2017-04-02 | CVE-2016-8768 | Huawei | 7PK - Security Features vulnerability in Huawei products Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege. | 9.3 |
2017-04-02 | CVE-2016-8763 | Huawei | Improper Control of a Resource Through its Lifetime vulnerability in Huawei P8 Lite Firmware, P9 Firmware and P9 Lite Firmware The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an improper resource release vulnerability, which allows attackers to cause a system restart or privilege elevation. | 9.3 |
2017-04-02 | CVE-2016-8761 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Honor 6 Firmware, P9 Firmware and P9 Plus Firmware Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege. | 9.3 |
2017-04-02 | CVE-2016-8760 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Honor 6 Firmware, P9 Firmware and P9 Plus Firmware Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which allows attackers to crash the system or escalate user privilege. | 9.3 |
2017-04-02 | CVE-2016-8759 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Honor 6 Firmware, P9 Firmware and P9 Plus Firmware Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege. | 9.3 |
2017-04-02 | CVE-2017-2490 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2485 | Apple | Use After Free vulnerability in Apple products An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2483 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2482 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2474 | Apple | Multiple Security vulnerability in Apple iOS/tvOS/macOS/watchOS An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2473 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2472 | Apple | Use After Free vulnerability in Apple products An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2458 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2451 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2449 | Apple | Use After Free vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2443 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2441 | Apple | Use After Free vulnerability in Apple products An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2440 | Apple | Integer Overflow or Wraparound vulnerability in Apple products An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2438 | Apple | Use After Free vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2436 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2427 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2422 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2421 | Apple | Race Condition vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2420 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2410 | Apple | Improper Input Validation vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2408 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2401 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 9.3 |
2017-04-02 | CVE-2017-2398 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-03-28 | CVE-2016-9470 | Revive Adserver | 7PK - Security Features vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. | 9.3 |
2017-04-02 | CVE-2016-8801 | Huawei | Command Injection vulnerability in Huawei Oceanstor 5600 V3 Firmware Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege. | 9.0 |
2017-03-30 | CVE-2017-7253 | Dahuasecurity | Insecure Storage of Sensitive Information vulnerability in Dahuasecurity IP Camera Firmware 3.200.0001.6 Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. | 9.0 |
62 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-03-27 | CVE-2017-6458 | NTP HPE Apple Siemens | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | 8.8 |
2017-03-27 | CVE-2017-5931 | Qemu | Integer Overflow or Wraparound vulnerability in Qemu Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow. | 8.8 |
2017-03-31 | CVE-2016-6111 | IBM | XXE vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.5 |
2017-03-27 | CVE-2015-0864 | Samsung | Permissions, Privileges, and Access Controls vulnerability in Samsung Galaxy APP and Samsung Account APP Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | 7.9 |
2017-03-27 | CVE-2015-0863 | Samsung | Permissions, Privileges, and Access Controls vulnerability in Samsung Galaxy APP and Samsung Account APP GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | 7.9 |
2017-04-02 | CVE-2016-8798 | Huawei | Improper Access Control vulnerability in Huawei Usg5500 Firmware V300R001C00/V300R001C10 Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. | 7.8 |
2017-04-02 | CVE-2016-8796 | Huawei | Improper Input Validation vulnerability in Huawei products Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition. | 7.8 |
2017-04-02 | CVE-2015-7844 | Huawei | Improper Input Validation vulnerability in Huawei Fusionaccess V100R005C10/V100R005C20 Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable. | 7.8 |
2017-04-02 | CVE-2014-8572 | Huawei | Improper Input Validation vulnerability in Huawei products Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions; S7700, S9300, S9300E, S9700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions could allow remote attackers to send a special SSH packet to the VRP device to cause a denial of service. | 7.8 |
2017-04-02 | CVE-2014-4706 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100; Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500; LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S2350 with software V200R003C00SPC300; S2750 with software V200R003C00SPC300; S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S5700 with software V200R001C00SPC300,V200R003C00SPC300; S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S7700 with software V200R001C00SPC300; S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S9300E with software V200R003C00SPC300,V200R003C00SPC500 allow attackers to keep sending malformed packets to cause a denial of service (DoS) attack, aka a heap overflow. | 7.8 |
2017-04-02 | CVE-2014-3224 | Huawei | Resource Management Errors vulnerability in Huawei products Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300 enable attackers to launch DoS attacks by crafting and sending malformed packets to these vulnerable products. | 7.8 |
2017-04-02 | CVE-2014-3223 | Huawei | Data Processing Errors vulnerability in Huawei products Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300,S6300 with software before V100R006SPH010 support Y.1731 and therefore have the Y.1731 vulnerability in processing special packets. | 7.8 |
2017-03-31 | CVE-2017-7374 | Linux | Use After Free vulnerability in Linux Kernel Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely. | 7.8 |
2017-03-31 | CVE-2016-6561 | Illumos | NULL Pointer Dereference vulnerability in Illumos illumos smbsrv NULL pointer dereference allows system crash. | 7.8 |
2017-03-31 | CVE-2016-6560 | Illumos | Improper Input Validation vulnerability in Illumos illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. | 7.8 |
2017-03-31 | CVE-2014-9114 | Opensuse Fedoraproject Kernel | Command Injection vulnerability in multiple products Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | 7.8 |
2017-03-31 | CVE-2017-2647 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. | 7.8 |
2017-03-29 | CVE-2017-7308 | Linux | Incorrect Conversion between Numeric Types vulnerability in Linux Kernel The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. | 7.8 |
2017-03-29 | CVE-2017-7285 | Mikrotik | Resource Exhaustion vulnerability in Mikrotik Routeros 6.38.5 A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections. | 7.8 |
2017-03-29 | CVE-2017-7294 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device. | 7.8 |
2017-03-28 | CVE-2017-6964 | Canonical Debian | Unchecked Return Value vulnerability in multiple products dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. | 7.8 |
2017-03-27 | CVE-2017-5237 | Eviewgps | Improper Authentication vulnerability in Eviewgps Ev-07S GPS Tracker Firmware Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!" | 7.8 |
2017-03-27 | CVE-2017-5850 | Openbsd | Allocation of Resources Without Limits or Throttling vulnerability in Openbsd 6.0 httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header. | 7.8 |
2017-03-27 | CVE-2017-5330 | Fedoraproject KDE | OS Command Injection vulnerability in multiple products ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | 7.8 |
2017-04-02 | CVE-2017-2478 | Apple | Race Condition vulnerability in Apple products An issue was discovered in certain Apple products. | 7.6 |
2017-04-02 | CVE-2017-2456 | Apple | Race Condition vulnerability in Apple products An issue was discovered in certain Apple products. | 7.6 |
2017-04-02 | CVE-2014-9693 | Huawei | Data Processing Errors vulnerability in Huawei products Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to execute arbitrary code or restart the system via crafted DNS packets. | 7.5 |
2017-04-02 | CVE-2014-4707 | Huawei | Improper Access Control vulnerability in Huawei products Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300 allow unauthorized users to upgrade the bootrom or bootload software, bypass a Menu protection mechanism, conduct a Menu compromise attack, or bypass a Menu/upgrade protection mechanism. | 7.5 |
2017-04-02 | CVE-2017-2477 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 7.5 |
2017-04-02 | CVE-2017-2428 | Apple | Remote Security vulnerability in Nghttp2 An issue was discovered in certain Apple products. | 7.5 |
2017-04-02 | CVE-2017-2423 | Apple | Improper Verification of Cryptographic Signature vulnerability in Apple Iphone OS and mac OS X An issue was discovered in certain Apple products. | 7.5 |
2017-04-02 | CVE-2017-2402 | Apple | Multiple Security vulnerability in Apple macOS APPLE-SA-2017-03-27-3 An issue was discovered in certain Apple products. | 7.5 |
2017-03-31 | CVE-2016-9707 | IBM | XXE vulnerability in IBM products IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 7.5 |
2017-03-31 | CVE-2014-5009 | Snoopy Redhat Nagios | Command Injection vulnerability in multiple products Snoopy allows remote attackers to execute arbitrary commands. | 7.5 |
2017-03-31 | CVE-2014-5008 | Snoopy Redhat Debian | Command Injection vulnerability in multiple products Snoopy allows remote attackers to execute arbitrary commands. | 7.5 |
2017-03-31 | CVE-2014-3931 | Multi Router Looking Glass Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Multi-Router Looking Glass Project Multi-Router Looking Glass fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption. | 7.5 |
2017-03-31 | CVE-2008-7313 | Snoopy Redhat Nagios | Command Injection vulnerability in multiple products The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. | 7.5 |
2017-03-30 | CVE-2017-6182 | Sophos | OS Command Injection vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. | 7.5 |
2017-03-30 | CVE-2017-5185 | Microfocus | Improper Input Validation vulnerability in Microfocus Sentinel 8.0/8.0.0.1 A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. | 7.5 |
2017-03-30 | CVE-2014-9826 | Imagemagick | 7PK - Errors vulnerability in Imagemagick ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files. | 7.5 |
2017-03-30 | CVE-2017-7324 | Modx | Code Injection vulnerability in Modx Revolution setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. | 7.5 |
2017-03-30 | CVE-2017-7321 | Modx | Code Injection vulnerability in Modx Revolution setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. | 7.5 |
2017-03-30 | CVE-2016-10309 | Ceragon | Improper Authentication vulnerability in Ceragon Fibeair Ip-10 Firmware In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. | 7.5 |
2017-03-29 | CVE-2014-3582 | Apache | Code Injection vulnerability in Apache Ambari In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | 7.5 |
2017-03-29 | CVE-2016-9924 | Zimbra Synacor | XXE vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. | 7.5 |
2017-03-29 | CVE-2009-5147 | Ruby Lang | Improper Input Validation vulnerability in Ruby-Lang Ruby DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. | 7.5 |
2017-03-28 | CVE-2016-6807 | Apache | Improper Access Control vulnerability in Apache Ambari 2.4.0/2.4.1 Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. | 7.5 |
2017-03-28 | CVE-2014-6440 | Videolan | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC 2.1.4 VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. | 7.5 |
2017-03-28 | CVE-2016-9125 | Revive Adserver | Session Fixation vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. | 7.5 |
2017-03-27 | CVE-2017-7191 | Irssi | Use After Free vulnerability in Irssi The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. | 7.5 |
2017-03-27 | CVE-2016-9243 | Cryptography IO Fedoraproject Canonical | HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. | 7.5 |
2017-03-27 | CVE-2017-6013 | Intelliants | SQL Injection vulnerability in Intelliants Subrion CMS 4.0.5.10 Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. | 7.5 |
2017-04-02 | CVE-2016-8775 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. | 7.2 |
2017-04-02 | CVE-2016-8774 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366; and P9 phones with software Versions before EVA-AL10C00B190, Versions before EVA-DL10C00B190, Versions before EVA-TL10C00B190, Versions before EVA-CL10C00B190 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. | 7.2 |
2017-04-02 | CVE-2016-8274 | Huawei | Improper Access Control vulnerability in Huawei Hisuite 4.0.5.300Ove Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code. | 7.2 |
2017-04-02 | CVE-2017-2437 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 7.2 |
2017-03-29 | CVE-2017-5671 | Honeywell | Improper Privilege Management vulnerability in Honeywell products Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file. | 7.2 |
2017-03-27 | CVE-2016-10225 | Allwinnertech Allwinner | Permissions, Privileges, and Access Controls vulnerability in Allwinnertech Linux-3.4-Sunxi The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug. | 7.2 |
2017-04-02 | CVE-2016-8795 | Huawei | Integer Overflow or Wraparound vulnerability in Huawei products Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset. | 7.1 |
2017-04-02 | CVE-2016-8758 | Huawei | Improper Input Validation vulnerability in Huawei Mate 8 Firmware ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart). | 7.1 |
2017-04-02 | CVE-2016-8756 | Huawei | Improper Input Validation vulnerability in Huawei Mate 8 Firmware ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart). | 7.1 |
2017-03-27 | CVE-2017-5899 | S Nail Project | Race Condition vulnerability in S-Nail Project S-Nail Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. | 7.0 |
251 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-04-02 | CVE-2016-8273 | Huawei | Improper Input Validation vulnerability in Huawei Hisuite 4.0.5.300Ove Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC. | 6.9 |
2017-04-02 | CVE-2016-8802 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system. | 6.8 |
2017-04-02 | CVE-2016-8780 | Huawei | Resource Exhaustion vulnerability in Huawei products Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive files to exhaust the shared storage space, leading to a DoS condition. | 6.8 |
2017-04-02 | CVE-2014-9694 | Huawei | Cross-Site Request Forgery (CSRF) vulnerability in Huawei products Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions have a CSRF vulnerability. | 6.8 |
2017-04-02 | CVE-2014-9137 | Huawei | Cross-Site Request Forgery (CSRF) vulnerability in Huawei products Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | 6.8 |
2017-04-02 | CVE-2014-9136 | Huawei | Cross-Site Request Forgery (CSRF) vulnerability in Huawei products Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | 6.8 |
2017-04-02 | CVE-2017-2487 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2481 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2476 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2471 | Apple | Use After Free vulnerability in Apple Iphone OS, Safari and Watchos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2470 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2469 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2468 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2467 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2466 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2465 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2464 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2463 | Apple Microsoft | Use After Free vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2462 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2460 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2459 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2457 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2455 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2454 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2446 | Apple | Multiple Security vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2444 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2435 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2433 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2432 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2431 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2430 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2425 | Apple | Double Free vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2416 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2415 | Apple | Remote Code Execution vulnerability in WebKit An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2413 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2407 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2406 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2405 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2403 | Apple | Use of Externally-Controlled Format String vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2396 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2395 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2394 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2392 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2379 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-04-02 | CVE-2017-2378 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 6.8 |
2017-03-31 | CVE-2017-2775 | NI | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NI Labview 16.0.0.49152 An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. | 6.8 |
2017-03-31 | CVE-2016-8917 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Selling and Fulfillment Foundation IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
2017-03-30 | CVE-2017-6412 | Sophos | Session Fixation vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. | 6.8 |
2017-03-30 | CVE-2014-9825 | Imagemagick | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824. | 6.8 |
2017-03-30 | CVE-2014-9824 | Imagemagick | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825. | 6.8 |
2017-03-30 | CVE-2014-9823 | Imagemagick | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819. | 6.8 |
2017-03-30 | CVE-2014-9822 | Imagemagick | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file. | 6.8 |
2017-03-30 | CVE-2014-9821 | Imagemagick | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | 6.8 |
2017-03-30 | CVE-2014-9820 | Imagemagick | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. | 6.8 |
2017-03-30 | CVE-2014-9819 | Imagemagick | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823. | 6.8 |
2017-03-30 | CVE-2014-9817 | Imagemagick | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file. | 6.8 |
2017-03-30 | CVE-2017-7323 | Modx | Multiple Security vulnerability in MODX Revolution CMS The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism. | 6.8 |
2017-03-30 | CVE-2017-7322 | Modx | Improper Certificate Validation vulnerability in Modx Revolution The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate. | 6.8 |
2017-03-29 | CVE-2017-7310 | Flexense | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Diskboss, Disksorter and Syncbreeze A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element. | 6.8 |
2017-03-29 | CVE-2017-2688 | Siemens | Cross-Site Request Forgery (CSRF) vulnerability in Siemens Ruggedcom ROX I The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF. | 6.8 |
2017-03-28 | CVE-2016-9463 | Nextcloud Owncloud | Improper Authentication vulnerability in multiple products Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. | 6.8 |
2017-03-28 | CVE-2016-9456 | Revive Adserver | Cross-Site Request Forgery (CSRF) vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). | 6.8 |
2017-03-28 | CVE-2016-9455 | Revive Adserver | Cross-Site Request Forgery (CSRF) vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). | 6.8 |
2017-03-28 | CVE-2016-9127 | Revive Adserver | Cross-Site Request Forgery (CSRF) vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). | 6.8 |
2017-03-27 | CVE-2015-8764 | Freeradius | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freeradius Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. | 6.8 |
2017-03-27 | CVE-2015-8763 | Freeradius | Out-of-bounds Read vulnerability in Freeradius The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. | 6.8 |
2017-03-27 | CVE-2015-8026 | Exfat Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exfat Project Exfat Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem. | 6.8 |
2017-03-27 | CVE-2017-6957 | Broadcom | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Broadcom Bcm4339 SOC Firmware 6.37.34.40 Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156). | 6.8 |
2017-03-27 | CVE-2017-6069 | Intelliants | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.0.5 Subrion CMS 4.0.5 has CSRF in admin/blog/add/. | 6.8 |
2017-03-27 | CVE-2017-6068 | Intelliants | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.0.5 Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. | 6.8 |
2017-03-27 | CVE-2017-6066 | Intelliants | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.0.5 Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. | 6.8 |
2017-03-27 | CVE-2017-6002 | Intelliants | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.0.5.10 Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. | 6.8 |
2017-04-02 | CVE-2016-8769 | Huawei | Permissions, Privileges, and Access Controls vulnerability in Huawei Utps Firmware V200R003B015D15Sp00C983 Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. | 6.7 |
2017-04-02 | CVE-2014-3222 | Huawei | Permissions, Privileges, and Access Controls vulnerability in Huawei Espace Meeting In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources. | 6.6 |
2017-03-28 | CVE-2017-7277 | Linux | Out-of-bounds Read vulnerability in Linux Kernel The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c. | 6.6 |
2017-04-02 | CVE-2015-8671 | Huawei | Permissions, Privileges, and Access Controls vulnerability in Huawei Logcenter V100R001C10 Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions. | 6.5 |
2017-04-02 | CVE-2014-9696 | Huawei | Permissions, Privileges, and Access Controls vulnerability in Huawei Tecal E9000 Chassis Firmware The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalation. | 6.5 |
2017-04-02 | CVE-2014-9695 | Huawei | Permissions, Privileges, and Access Controls vulnerability in Huawei Tecal E9000 Chassis Firmware The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user. | 6.5 |
2017-04-02 | CVE-2017-2381 | Apple | Multiple Security vulnerability in Apple macOS APPLE-SA-2017-03-27-3 An issue was discovered in certain Apple products. | 6.5 |
2017-04-01 | CVE-2017-7393 | Tigervnc | Double Free vulnerability in Tigervnc 1.7.1 In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. | 6.5 |
2017-03-30 | CVE-2017-6184 | Sophos | Command Injection vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. | 6.5 |
2017-03-30 | CVE-2017-6183 | Sophos | Command Injection vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. | 6.5 |
2017-03-30 | CVE-2017-7290 | Xoops | SQL Injection vulnerability in Xoops 2.5.7.2/2.5.7.3/2.5.8.1 SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. | 6.5 |
2017-03-29 | CVE-2017-2689 | Siemens | Improper Authentication vulnerability in Siemens Ruggedcom ROX I Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings. | 6.5 |
2017-03-29 | CVE-2017-7297 | Suse | Unspecified vulnerability in Suse Rancher Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. | 6.5 |
2017-03-27 | CVE-2017-1153 | IBM | Remote Privilege Escalation vulnerability in IBM TRIRIGA Applications IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. | 6.5 |
2017-03-27 | CVE-2016-8960 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Business Intelligence IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. | 6.5 |
2017-03-27 | CVE-2017-6460 | NTP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response. | 6.5 |
2017-03-28 | CVE-2016-9121 | GO Jose Project | Inadequate Encryption Strength vulnerability in Go-Jose Project Go-Jose go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. | 6.4 |
2017-04-02 | CVE-2016-8794 | Huawei | Improper Access Control vulnerability in Huawei Mate 8 Firmware, Mate S Firmware and P8 Firmware Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | 6.2 |
2017-04-02 | CVE-2016-8793 | Huawei | Improper Access Control vulnerability in Huawei Mate 8 Firmware, Mate S Firmware and P8 Firmware Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | 6.2 |
2017-04-02 | CVE-2016-8792 | Huawei | Improper Access Control vulnerability in Huawei Mate 8 Firmware, Mate S Firmware and P8 Firmware Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | 6.2 |
2017-04-02 | CVE-2016-8791 | Huawei | Improper Access Control vulnerability in Huawei Mate 8 Firmware, Mate S Firmware and P8 Firmware Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | 6.2 |
2017-04-02 | CVE-2016-2404 | Huawei | Permissions, Privileges, and Access Controls vulnerability in Huawei products Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. | 6.0 |
2017-04-02 | CVE-2017-2450 | Apple | Out-of-bounds Read vulnerability in Apple products An issue was discovered in certain Apple products. | 5.8 |
2017-04-02 | CVE-2017-2447 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 5.8 |
2017-04-02 | CVE-2017-2439 | Apple | Out-of-bounds Read vulnerability in Apple products An issue was discovered in certain Apple products. | 5.8 |
2017-04-02 | CVE-2017-2409 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 5.8 |
2017-04-02 | CVE-2017-2389 | Apple | Multiple Security vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 5.8 |
2017-03-27 | CVE-2017-7272 | PHP | Server-Side Request Forgery (SSRF) vulnerability in PHP PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. | 5.8 |
2017-04-02 | CVE-2016-8790 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could allow the attacker to exploit a buffer overflow vulnerability by sending crafted packets to the affected system to cause a main control board reboot. | 5.5 |
2017-03-28 | CVE-2016-8884 | Jasper Project Fedoraproject | NULL Pointer Dereference vulnerability in multiple products The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. | 5.5 |
2017-03-27 | CVE-2017-5973 | Qemu Debian Redhat | Infinite Loop vulnerability in multiple products The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. | 5.5 |
2017-03-27 | CVE-2016-9922 | Qemu | Divide By Zero vulnerability in Qemu The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. | 5.5 |
2017-04-02 | CVE-2016-8754 | Huawei | Use of Hard-coded Credentials vulnerability in Huawei Oceanstor 5600 V3 Firmware V300R003C00 Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. | 5.4 |
2017-03-30 | CVE-2017-5184 | Microfocus | Information Exposure vulnerability in Microfocus Sentinel 8.0/8.0.0.1 A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). | 5.3 |
2017-04-02 | CVE-2016-8797 | Huawei | Resource Management Errors vulnerability in Huawei products Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software V200R008C00, V200R007C00; S7700 with software V200R008C00, V200R007C00, V200R006C00; S9300 with software V200R008C00, V200R007C00, V200R006C00; and S9700 with software V200R008C00, V200R007C00, V200R006C00 allow remote attackers to send abnormal Multiprotocol Label Switching (MPLS) packets to cause memory exhaustion. | 5.0 |
2017-04-02 | CVE-2016-8773 | Huawei | Improper Input Validation vulnerability in Huawei products Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets. | 5.0 |
2017-04-02 | CVE-2016-8271 | Huawei | Information Exposure vulnerability in Huawei Espace IAD Firmware V300R001C07Spca00/V300R002C01 Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL. | 5.0 |
2017-04-02 | CVE-2014-9692 | Huawei | Information Exposure vulnerability in Huawei products Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to figure out the RMCP+ session IDs of users and access the system with forged identities. | 5.0 |
2017-04-02 | CVE-2014-9690 | Huawei | Insufficient Entropy in PRNG vulnerability in Huawei Ws318 Firmware Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier's solution is not random enough. | 5.0 |
2017-04-02 | CVE-2014-8570 | Huawei | Information Exposure vulnerability in Huawei products Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping. | 5.0 |
2017-04-02 | CVE-2014-3221 | Huawei | Resource Management Errors vulnerability in Huawei Eudemon8000E Firmware Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to log in to the device using Telnet or SSH. | 5.0 |
2017-04-02 | CVE-2017-2484 | Apple | Multiple Security vulnerability in Apple iOS APPLE-SA-2017-03-27-4 An issue was discovered in certain Apple products. | 5.0 |
2017-04-02 | CVE-2017-2461 | Apple | Improper Input Validation vulnerability in Apple products An issue was discovered in certain Apple products. | 5.0 |
2017-04-02 | CVE-2017-2429 | Apple | Unspecified vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 5.0 |
2017-04-02 | CVE-2017-2419 | Apple | Multiple Security vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 5.0 |
2017-04-02 | CVE-2017-2414 | Apple | Improper Input Validation vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 5.0 |
2017-04-02 | CVE-2017-2404 | Apple | Multiple Security vulnerability in Apple iOS APPLE-SA-2017-03-27-4 An issue was discovered in certain Apple products. | 5.0 |
2017-04-02 | CVE-2017-2400 | Apple | Information Exposure vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 5.0 |
2017-04-02 | CVE-2017-2391 | Apple | Inadequate Encryption Strength vulnerability in Apple Keynote, Numbers and Pages An issue was discovered in certain Apple products. | 5.0 |
2017-04-02 | CVE-2017-2382 | Apple | Information Exposure vulnerability in Apple mac OS Server An issue was discovered in certain Apple products. | 5.0 |
2017-04-02 | CVE-2017-2380 | Apple | Inadequate Encryption Strength vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 5.0 |
2017-04-02 | CVE-2017-2377 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 5.0 |
2017-04-02 | CVE-2017-2376 | Apple | Multiple Security vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 5.0 |
2017-04-01 | CVE-2017-7396 | Tigervnc | Missing Release of Resource after Effective Lifetime vulnerability in Tigervnc 1.7.1 In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. | 5.0 |
2017-04-01 | CVE-2017-7394 | Tigervnc | Improper Input Validation vulnerability in Tigervnc 1.7.1 In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. | 5.0 |
2017-04-01 | CVE-2017-7392 | Tigervnc | Missing Release of Resource after Effective Lifetime vulnerability in Tigervnc 1.7.1 In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. | 5.0 |
2017-03-31 | CVE-2017-3009 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. | 5.0 |
2017-03-30 | CVE-2014-9804 | Imagemagick | Unspecified vulnerability in Imagemagick vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object." <a href="http://cwe.mitre.org/data/definitions/835.html">CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')</a> | 5.0 |
2017-03-30 | CVE-2017-7318 | Siklu | Remote Command Execution vulnerability in Multiple Siklu EtherHaul Devices Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. | 5.0 |
2017-03-29 | CVE-2017-4980 | EMC | Path Traversal vulnerability in EMC Isilon Onefs EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. | 5.0 |
2017-03-29 | CVE-2017-7258 | Auromeera | Path Traversal vulnerability in Auromeera Emli 1.0 HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. | 5.0 |
2017-03-29 | CVE-2017-7304 | GNU | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. | 5.0 |
2017-03-29 | CVE-2017-7303 | GNU | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. | 5.0 |
2017-03-29 | CVE-2017-7302 | GNU | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. | 5.0 |
2017-03-29 | CVE-2017-7301 | GNU | Improper Input Validation vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. | 5.0 |
2017-03-29 | CVE-2017-7300 | GNU | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. | 5.0 |
2017-03-29 | CVE-2015-4556 | Call CC | Improper Input Validation vulnerability in Call-Cc Chicken 4.8.0/4.9.0 The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash). | 5.0 |
2017-03-28 | CVE-2016-9469 | Gitlab | Permissions, Privileges, and Access Controls vulnerability in Gitlab Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. | 5.0 |
2017-03-28 | CVE-2016-9468 | Nextcloud Owncloud | Improper Access Control vulnerability in multiple products Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. | 5.0 |
2017-03-28 | CVE-2016-9467 | Nextcloud Owncloud | Improper Access Control vulnerability in multiple products Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. | 5.0 |
2017-03-28 | CVE-2016-9460 | Nextcloud Owncloud | Improper Access Control vulnerability in multiple products Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. | 5.0 |
2017-03-28 | CVE-2016-9129 | Revive Adserver | Information Exposure vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. | 5.0 |
2017-03-28 | CVE-2016-9124 | Revive Adserver | Improper Authentication vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. | 5.0 |
2017-03-28 | CVE-2016-9123 | GO Jose Project | Integer Overflow or Wraparound vulnerability in Go-Jose Project Go-Jose go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. | 5.0 |
2017-03-28 | CVE-2016-9122 | GO Jose Project | Improper Access Control vulnerability in Go-Jose Project Go-Jose go-jose before 1.0.4 suffers from multiple signatures exploitation. | 5.0 |
2017-03-27 | CVE-2017-5239 | Eviewgps | Inadequate Encryption Strength vulnerability in Eviewgps Ev-07S GPS Tracker Firmware Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener. | 5.0 |
2017-03-27 | CVE-2017-5238 | Eviewgps | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Eviewgps Ev-07S GPS Tracker Firmware Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field. | 5.0 |
2017-03-27 | CVE-2016-9252 | F5 | Data Processing Errors vulnerability in F5 products The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. | 5.0 |
2017-03-27 | CVE-2017-7183 | Extraputty | Improper Input Validation vulnerability in Extraputty The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message. | 5.0 |
2017-03-27 | CVE-2016-4912 | Openslp | NULL Pointer Dereference vulnerability in Openslp 2.0.0 The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure. | 5.0 |
2017-04-02 | CVE-2015-7847 | Huawei | Improper Input Validation vulnerability in Huawei E3272S Firmware Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. | 4.9 |
2017-03-30 | CVE-2017-7346 | Linux | Improper Input Validation vulnerability in Linux Kernel The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. | 4.9 |
2017-03-27 | CVE-2017-7273 | Linux | Unspecified vulnerability in Linux Kernel The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. | 4.6 |
2017-03-27 | CVE-2017-6462 | NTP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. | 4.6 |
2017-03-27 | CVE-2017-6452 | NTP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. | 4.6 |
2017-03-27 | CVE-2017-6451 | NTP | Out-of-bounds Write vulnerability in NTP The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write. | 4.6 |
2017-03-27 | CVE-2017-5932 | GNU | Improper Input Validation vulnerability in GNU Bash 4.4 The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. | 4.6 |
2017-03-31 | CVE-2016-8032 | Mcafee | Improper Access Control vulnerability in Mcafee Anti-Malware Scan Engine Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. | 4.4 |
2017-03-28 | CVE-2016-8031 | Mcafee | Permissions, Privileges, and Access Controls vulnerability in Mcafee Anti-Malware Scan Engine Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. | 4.4 |
2017-03-27 | CVE-2017-6455 | NTP | Code Injection vulnerability in NTP NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. | 4.4 |
2017-04-02 | CVE-2016-8789 | Huawei | Cross-site Scripting vulnerability in Huawei Espace Integrated Access Device Firmware Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS. | 4.3 |
2017-04-02 | CVE-2016-8757 | Huawei | Information Exposure vulnerability in Huawei P9 Firmware ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from uninitialized memory. | 4.3 |
2017-04-02 | CVE-2015-2246 | Huawei | Information Exposure vulnerability in Huawei P7-L10 Firmware The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information. | 4.3 |
2017-04-02 | CVE-2014-8571 | Huawei | Permissions, Privileges, and Access Controls vulnerability in Huawei products Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. | 4.3 |
2017-04-02 | CVE-2017-6974 | Apple | Improper Input Validation vulnerability in Apple mac OS X 10.12.3 An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2489 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2486 | Apple | Forced Browsing vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2480 | Apple | Information Exposure vulnerability in Apple products An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2479 | Apple Microsoft | Improper Input Validation vulnerability in Apple products An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2475 | Apple | Cross-site Scripting vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2453 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2448 | Apple | Information Exposure vulnerability in Apple products An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2445 | Apple | Cross-site Scripting vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2442 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2426 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2424 | Apple | Information Exposure vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2417 | Apple | Infinite Loop vulnerability in Apple products An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2412 | Apple | Cleartext Transmission of Sensitive Information vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2393 | Apple | Cross-site Scripting vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2388 | Apple | NULL Pointer Dereference vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2386 | Apple | Multiple Security vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 4.3 |
2017-04-02 | CVE-2017-2367 | Apple | Multiple Security vulnerability in Apple Iphone OS, Safari and Tvos An issue was discovered in certain Apple products. | 4.3 |
2017-04-01 | CVE-2017-7391 | Magmi Project | Cross-site Scripting vulnerability in Magmi Project Magmi 0.7.22 A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. | 4.3 |
2017-04-01 | CVE-2017-7390 | Socialnetwork Project | Cross-site Scripting vulnerability in Socialnetwork Project Socialnetwork 1.2.1 A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. | 4.3 |
2017-04-01 | CVE-2017-7389 | Openeclass | Cross-site Scripting vulnerability in Openeclass Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. | 4.3 |
2017-04-01 | CVE-2017-7388 | Wallacepos Project Wallaceit | Cross-site Scripting vulnerability in Wallaceit Wallacepos A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. | 4.3 |
2017-04-01 | CVE-2017-7387 | Helpmewatchwho Project | Cross-site Scripting vulnerability in Helpmewatchwho Project Helpmewatchwho 20170323 TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter). | 4.3 |
2017-04-01 | CVE-2017-7386 | Symetrie Project | Cross-site Scripting vulnerability in Symetrie Project Symetrie 0.9.6 citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). | 4.3 |
2017-03-31 | CVE-2016-9990 | IBM | Cross-site Scripting vulnerability in IBM Inotes IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. | 4.3 |
2017-03-31 | CVE-2016-6209 | Nagios | Cross-site Scripting vulnerability in Nagios Cross-site scripting (XSS) vulnerability in Nagios. | 4.3 |
2017-03-31 | CVE-2015-4624 | Hak5 | Improper Access Control vulnerability in Hak5 Wi-Fi Pineapple Firmware Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. | 4.3 |
2017-03-31 | CVE-2017-7363 | Lucidcrew | Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. | 4.3 |
2017-03-31 | CVE-2017-7362 | Lucidcrew | Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. | 4.3 |
2017-03-31 | CVE-2017-7361 | Lucidcrew | Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. | 4.3 |
2017-03-31 | CVE-2017-7360 | Lucidcrew | Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. | 4.3 |
2017-03-31 | CVE-2017-7359 | Lucidcrew | Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. | 4.3 |
2017-03-31 | CVE-2016-9319 | Trendmicro | Improper Certificate Validation vulnerability in Trendmicro Mobile Security There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | 4.3 |
2017-03-30 | CVE-2014-9818 | Imagemagick | Out-of-bounds Read vulnerability in Imagemagick ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. | 4.3 |
2017-03-30 | CVE-2014-9816 | Imagemagick | Out-of-bounds Read vulnerability in Imagemagick ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. | 4.3 |
2017-03-30 | CVE-2014-9815 | Imagemagick | Improper Input Validation vulnerability in Imagemagick ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. | 4.3 |
2017-03-30 | CVE-2014-9814 | Imagemagick | NULL Pointer Dereference vulnerability in Imagemagick ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file. | 4.3 |
2017-03-30 | CVE-2014-9813 | Imagemagick | Improper Input Validation vulnerability in Imagemagick ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. | 4.3 |
2017-03-30 | CVE-2014-9812 | Imagemagick | NULL Pointer Dereference vulnerability in Imagemagick ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file. | 4.3 |
2017-03-30 | CVE-2014-9811 | Imagemagick | Improper Input Validation vulnerability in Imagemagick The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. | 4.3 |
2017-03-30 | CVE-2014-9810 | Imagemagick | Improper Input Validation vulnerability in Imagemagick The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. | 4.3 |
2017-03-30 | CVE-2014-9809 | Imagemagick | Improper Input Validation vulnerability in Imagemagick ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. | 4.3 |
2017-03-30 | CVE-2014-9808 | Imagemagick | Improper Input Validation vulnerability in Imagemagick ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. | 4.3 |
2017-03-30 | CVE-2014-9807 | Imagemagick | Double Free vulnerability in Imagemagick The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. | 4.3 |
2017-03-30 | CVE-2014-9806 | Imagemagick | Improper Input Validation vulnerability in Imagemagick ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. | 4.3 |
2017-03-30 | CVE-2014-9805 | Imagemagick | Improper Input Validation vulnerability in Imagemagick ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. | 4.3 |
2017-03-30 | CVE-2016-7541 | Fortinet | 7PK - Security Features vulnerability in Fortinet Fortios Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. | 4.3 |
2017-03-30 | CVE-2017-7320 | Modx | Cross-site Scripting vulnerability in Modx Revolution setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value. | 4.3 |
2017-03-29 | CVE-2017-7299 | GNU | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. | 4.3 |
2017-03-29 | CVE-2016-6846 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange products Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML. | 4.3 |
2017-03-29 | CVE-2015-8234 | Openstack | Cryptographic Issues vulnerability in Openstack Glance 11.0.0 The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. | 4.3 |
2017-03-29 | CVE-2017-2687 | Siemens | Cross-site Scripting vulnerability in Siemens Ruggedcom ROX I Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link. | 4.3 |
2017-03-28 | CVE-2016-9473 | Brave | Cross-site Scripting vulnerability in Brave Browser 1.2.16/1.9.56 Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names. | 4.3 |
2017-03-28 | CVE-2016-9466 | Nextcloud Owncloud | Cross-site Scripting vulnerability in multiple products Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. | 4.3 |
2017-03-28 | CVE-2016-9459 | Nextcloud Owncloud | Cross-site Scripting vulnerability in multiple products Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. | 4.3 |
2017-03-27 | CVE-2017-1120 | IBM | Cross-site Scripting vulnerability in IBM Websphere Portal 8.5/9.0 IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. | 4.3 |
2017-03-27 | CVE-2016-6102 | IBM | Information Exposure vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. | 4.3 |
2017-03-27 | CVE-2017-7275 | Imagemagick | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 7.0.49 The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. | 4.3 |
2017-03-27 | CVE-2017-7274 | Radare | NULL Pointer Dereference vulnerability in Radare Radare2 1.3.0 The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file. | 4.3 |
2017-03-27 | CVE-2017-7271 | YII Software | Cross-site Scripting vulnerability in YII Software YII Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen. | 4.3 |
2017-03-27 | CVE-2015-8762 | Freeradius | NULL Pointer Dereference vulnerability in Freeradius The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet. | 4.3 |
2017-03-27 | CVE-2015-8010 | Icinga Opensuse Opensuse Project | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. | 4.3 |
2017-03-27 | CVE-2017-6067 | Getsymphony | Cross-site Scripting vulnerability in Getsymphony Symphony 2.6.9 Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. | 4.3 |
2017-03-27 | CVE-2017-6003 | Dotcms | Cross-site Scripting vulnerability in Dotcms 3.7.0 dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. | 4.3 |
2017-04-02 | CVE-2016-8803 | Huawei | Permissions, Privileges, and Access Controls vulnerability in Huawei Fusionstorage V100R003C30U1 The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. | 4.1 |
2017-04-02 | CVE-2016-8764 | Huawei | Improper Input Validation vulnerability in Huawei P8 Lite Firmware, P9 Firmware and P9 Lite Firmware The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to read and write user-mode memory data anywhere in the TrustZone driver. | 4.1 |
2017-04-02 | CVE-2016-8781 | Huawei | Resource Management Errors vulnerability in Huawei products Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of unspecified commands to exhaust memory, causing a DoS condition. | 4.0 |
2017-04-02 | CVE-2016-8779 | Huawei | Command Injection vulnerability in Huawei FusionAccess Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database. | 4.0 |
2017-04-02 | CVE-2016-6177 | Huawei | Integer Overflow or Wraparound vulnerability in Huawei Oceanstor 5800 V3 Firmware V300R003C00 The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. | 4.0 |
2017-04-02 | CVE-2015-8670 | Huawei | Improper Input Validation vulnerability in Huawei Logcenter V100R001C10 Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service. | 4.0 |
2017-04-02 | CVE-2014-9691 | Huawei | Information Exposure vulnerability in Huawei products Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow users who log in to the products to view the sessions IDs of all online users on the Online Users page of the web UI. | 4.0 |
2017-04-01 | CVE-2017-7395 | Tigervnc | Integer Overflow or Wraparound vulnerability in Tigervnc 1.7.1 In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. | 4.0 |
2017-03-31 | CVE-2017-1171 | IBM | Remote Privilege Escalation vulnerability in IBM TRIRIGA Application Platform The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. | 4.0 |
2017-03-31 | CVE-2017-1154 | IBM | Information Exposure vulnerability in IBM Algo ONE 4.9.1/5.0.0/5.1.0 IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. | 4.0 |
2017-03-30 | CVE-2016-7542 | Fortinet | Information Exposure vulnerability in Fortinet Fortios A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. | 4.0 |
2017-03-29 | CVE-2017-2686 | Siemens | Information Exposure vulnerability in Siemens Ruggedcom ROX I Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information. | 4.0 |
2017-03-28 | CVE-2017-0882 | Gitlab | Information Exposure vulnerability in Gitlab Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. | 4.0 |
2017-03-28 | CVE-2017-0881 | Zulip | Incorrect Authorization vulnerability in Zulip Server An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. | 4.0 |
2017-03-28 | CVE-2016-9464 | Nextcloud | Improper Authorization vulnerability in Nextcloud Server Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. | 4.0 |
2017-03-28 | CVE-2016-9462 | Nextcloud Owncloud | Improper Access Control vulnerability in multiple products Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. | 4.0 |
2017-03-28 | CVE-2016-9461 | Nextcloud Owncloud | Improper Access Control vulnerability in multiple products Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. | 4.0 |
2017-03-27 | CVE-2017-1142 | IBM | Information Exposure vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. | 4.0 |
2017-03-27 | CVE-2017-6464 | NTP | Improper Input Validation vulnerability in NTP NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. | 4.0 |
2017-03-27 | CVE-2017-6463 | NTP | Improper Input Validation vulnerability in NTP NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. | 4.0 |
2017-03-27 | CVE-2015-8309 | Fomori | Path Traversal vulnerability in Fomori Cherrymusic Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download." | 4.0 |
42 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-04-02 | CVE-2016-8275 | Huawei | Improper Input Validation vulnerability in Huawei Anyoffice V200R006C00 Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb. | 3.5 |
2017-04-02 | CVE-2017-2383 | Apple | Security Bypass vulnerability in Apple Icloud and Itunes An issue was discovered in certain Apple products. | 3.5 |
2017-03-31 | CVE-2016-8935 | IBM | Cross-site Scripting vulnerability in IBM Kenexa LMS IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. | 3.5 |
2017-03-31 | CVE-2016-6036 | IBM | Cross-site Scripting vulnerability in IBM Rational Quality Manager IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. | 3.5 |
2017-03-31 | CVE-2016-6031 | IBM | Cross-site Scripting vulnerability in IBM Rational Quality Manager IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. | 3.5 |
2017-03-31 | CVE-2016-6022 | IBM | Cross-site Scripting vulnerability in IBM Rational Quality Manager IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. | 3.5 |
2017-03-31 | CVE-2017-7309 | Mantisbt | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. | 3.5 |
2017-03-31 | CVE-2017-7241 | Mantisbt | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. | 3.5 |
2017-03-31 | CVE-2017-6973 | Mantisbt | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. | 3.5 |
2017-03-29 | CVE-2017-5900 | Netcomm | Cross-site Scripting vulnerability in Netcomm Nb16Wv-02 Firmware Nb16Wvr0.09 Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm. | 3.5 |
2017-03-29 | CVE-2017-7298 | Moodle | Cross-site Scripting vulnerability in Moodle 3.2.2 In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. | 3.5 |
2017-03-29 | CVE-2017-6864 | Siemens | Cross-site Scripting vulnerability in Siemens Ruggedcom ROX I The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. | 3.5 |
2017-03-28 | CVE-2016-9472 | Revive Adserver | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. | 3.5 |
2017-03-28 | CVE-2016-9465 | Nextcloud Owncloud | Cross-site Scripting vulnerability in multiple products Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. | 3.5 |
2017-03-28 | CVE-2016-9457 | Revive Adserver | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from Reflected XSS. | 3.5 |
2017-03-28 | CVE-2016-9454 | Revive Adserver | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from Persistent XSS. | 3.5 |
2017-03-28 | CVE-2016-9130 | Revive Adserver | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from Persistent XSS. | 3.5 |
2017-03-28 | CVE-2016-9128 | Revive Adserver | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from reflected XSS. | 3.5 |
2017-03-28 | CVE-2016-9126 | Revive Adserver | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from persistent XSS. | 3.5 |
2017-03-27 | CVE-2017-1143 | IBM | Information Exposure vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 3.5 |
2017-03-27 | CVE-2016-9737 | IBM | Cross-site Scripting vulnerability in IBM Tririga Application Platform IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. | 3.5 |
2017-03-27 | CVE-2016-6056 | IBM | Cross-site Scripting vulnerability in IBM Call Center FOR Commerce 9.3/9.4 IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. | 3.5 |
2017-03-27 | CVE-2017-6878 | Metinfo | Cross-site Scripting vulnerability in Metinfo 5.3.15 Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php. | 3.5 |
2017-03-27 | CVE-2015-8310 | Fomori | Cross-site Scripting vulnerability in Fomori Cherrymusic Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist. | 3.5 |
2017-03-29 | CVE-2016-2379 | Pidgin | Inadequate Encryption Strength vulnerability in Pidgin Mxit The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. | 3.3 |
2017-04-02 | CVE-2016-8776 | Huawei | Improper Authorization vulnerability in Huawei P9 Firmware and P9 Lite Firmware Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account. | 2.1 |
2017-04-02 | CVE-2016-8272 | Huawei | Information Exposure vulnerability in Huawei Hisuite 4.0.5.300Ove Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. | 2.1 |
2017-04-02 | CVE-2017-2452 | Apple | Information Exposure vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-04-02 | CVE-2017-2418 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 2.1 |
2017-04-02 | CVE-2017-2399 | Apple | Inadequate Encryption Strength vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-04-02 | CVE-2017-2397 | Apple | Information Exposure vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-04-02 | CVE-2017-2390 | Apple | Link Following vulnerability in Apple products An issue was discovered in certain Apple products. | 2.1 |
2017-04-02 | CVE-2017-2385 | Apple | Information Exposure vulnerability in Apple Safari An issue was discovered in certain Apple products. | 2.1 |
2017-04-02 | CVE-2017-2384 | Apple | Information Exposure vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-04-02 | CVE-2016-7585 | Apple | Cryptographic Issues vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 2.1 |
2017-03-29 | CVE-2016-6349 | Projectatomic | Information Exposure vulnerability in Projectatomic Oci-Register-Machine The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command. | 2.1 |
2017-03-29 | CVE-2016-4976 | Apache | Information Exposure vulnerability in Apache Ambari Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. | 2.1 |
2017-03-28 | CVE-2016-9471 | Revive Adserver | Unspecified vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. | 2.1 |
2017-03-27 | CVE-2017-6459 | NTP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. | 2.1 |
2017-03-27 | CVE-2016-7474 | F5 | Information Exposure vulnerability in F5 products In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. | 2.1 |
2017-04-02 | CVE-2016-8762 | Huawei | Improper Input Validation vulnerability in Huawei P8 Lite Firmware, P9 Firmware and P9 Lite Firmware The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart. | 1.9 |
2017-03-29 | CVE-2017-4977 | EMC | Information Exposure vulnerability in EMC RSA Archer Security Operations Management EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system. | 1.9 |