Weekly Vulnerabilities Reports > April 3 to 9, 2017

Overview

250 new vulnerabilities reported during this period, including 29 critical vulnerabilities and 69 high severity vulnerabilities. This weekly summary report vulnerabilities in 186 products from 92 vendors including Linux, Google, Cisco, Libtiff, and Canonical. Vulnerabilities are notably categorized as "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "NULL Pointer Dereference", and "Cross-site Scripting".

  • 213 reported vulnerabilities are remotely exploitables.
  • 19 reported vulnerabilities have public exploit available.
  • 42 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 218 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 36 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

29 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-04-07 CVE-2017-0561 Linux Out-of-bounds Write vulnerability in Linux Kernel 3.10/3.18

A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC.

10.0
2017-04-06 CVE-2017-3834 Cisco Insecure Default Initialization of Resource vulnerability in Cisco Aironet Access Point Firmware

A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device.

10.0
2017-04-05 CVE-2017-7450 Airtame Improper Authentication vulnerability in Airtame Hdmi Dongle Firmware

AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface.

10.0
2017-04-03 CVE-2016-10312 Jensenofscandinavia Command Injection vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev.

10.0
2017-04-06 CVE-2016-8735 Apache
Canonical
Netapp
Debian
Redhat
Oracle
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports.
9.8
2017-04-06 CVE-2016-6809 Apache Deserialization of Untrusted Data vulnerability in Apache Nutch and Tika

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files.

9.8
2017-04-04 CVE-2016-10229 Linux
Google
Improperly Implemented Security Check for Standard vulnerability in multiple products

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.

9.8
2017-04-03 CVE-2017-7410 Websitebaker SQL Injection vulnerability in Websitebaker

Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.

9.8
2017-04-07 CVE-2017-0564 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-04-07 CVE-2017-0563 Linux Insufficient Verification of Data Authenticity vulnerability in Linux Kernel 3.10

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-04-07 CVE-2017-0562 Google Privilege Escalation vulnerability in Google Android MediaTek Touchscreen Driver

An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3
2017-04-07 CVE-2017-0546 Google NULL Pointer Dereference vulnerability in Google Android

An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process.

9.3
2017-04-07 CVE-2017-0545 Google Incorrect Calculation vulnerability in Google Android

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process.

9.3
2017-04-07 CVE-2017-0544 Google Operation on a Resource after Expiration or Release vulnerability in Google Android

An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code.

9.3
2017-04-07 CVE-2017-0543 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-04-07 CVE-2017-0542 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-04-07 CVE-2017-0541 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-04-07 CVE-2017-0540 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-04-07 CVE-2017-0539 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-04-07 CVE-2017-0538 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3
2017-04-06 CVE-2017-7572 Backintime Project Race Condition vulnerability in Backintime Project Backintime

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use).

9.3
2017-04-06 CVE-2016-10320 Textract Project OS Command Injection vulnerability in Textract Project Textract

textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function.

9.3
2017-04-05 CVE-2017-7444 Veritas DLL Loading Local Code Execution vulnerability in Veritas System Recovery 16

In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.

9.3
2017-04-04 CVE-2014-9922 Linux
Google
Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.

9.3
2017-04-07 CVE-2016-7786 Sophos Permissions, Privileges, and Access Controls vulnerability in Sophos Cyberoam Cr25Ing UTM Firmware 10.6.2

Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp.

9.0
2017-04-06 CVE-2017-6884 Zyxel OS Command Injection vulnerability in Zyxel Emg2926 Firmware V1.00(Aaqt.4)B8

A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8.

9.0
2017-04-06 CVE-2017-6968 GMV Unspecified vulnerability in GMV Checker ATM Security

GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03.

9.0
2017-04-05 CVE-2016-9091 Bluecoat OS Command Injection vulnerability in Bluecoat products

Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability.

9.0
2017-04-04 CVE-2017-7413 Horde OS Command Injection vulnerability in Horde Groupware

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.

9.0

69 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-04-04 CVE-2017-7398 D Link Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dir-615 Firmware 20.09

D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability.

8.8
2017-04-05 CVE-2017-6956 Broadcom Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Broadcom Hardmac Wi-Fi SOC Firmware 6.37.34.40

On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE).

8.3
2017-04-09 CVE-2017-7605 Libaacplus Project Reachable Assertion vulnerability in Libaacplus Project Libaacplus 2.0.2

aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.

7.8
2017-04-09 CVE-2017-7604 Libaacplus Project Improper Input Validation vulnerability in Libaacplus Project Libaacplus 2.0.2

au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.

7.8
2017-04-09 CVE-2017-7603 Libaacplus Project Integer Overflow or Wraparound vulnerability in Libaacplus Project Libaacplus 2.0.2

au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.

7.8
2017-04-07 CVE-2017-6019 Schneider Electric Resource Exhaustion vulnerability in Schneider-Electric Conext Combox 865-1058 Firmware

An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830.

7.8
2017-04-06 CVE-2017-3832 Cisco Improper Handling of Exceptional Conditions vulnerability in Cisco Wireless LAN Controller Firmware 8.3.102.0

A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2017-04-06 CVE-2016-9219 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device.

7.8
2017-04-06 CVE-2017-2675 Objective Development
Obdev
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part.
7.8
2017-04-07 CVE-2017-0583 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0582 Linux Privilege Escalation vulnerability in Linux Kernel 3.10

An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub.

7.6
2017-04-07 CVE-2017-0581 Linux Privilege Escalation vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0580 Linux Privilege Escalation vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0579 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0578 Google Privilege Escalation vulnerability in Google Android DTS Sound Driver

An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0577 Linux Privilege Escalation vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0576 Linux Integer Overflow or Wraparound vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0575 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0574 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0573 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0572 Linux Privilege Escalation vulnerability in Linux Kernel 3.10

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0571 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0570 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0569 Linux Incorrect Calculation of Buffer Size vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0568 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0567 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0566 Google Privilege Escalation vulnerability in Google Android MediaTek Camera Driver

An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0565 Google Privilege Escalation vulnerability in Google Android MediaTek Thermal Driver

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0462 Linux Race Condition vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-07 CVE-2017-0454 Linux Privilege Escalation vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-05 CVE-2017-0339 Linux Privilege Escalation vulnerability in Linux Kernel 3.10

An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-05 CVE-2017-0332 Linux Out-of-bounds Write vulnerability in Linux Kernel 3.10

An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-05 CVE-2017-0329 Linux Privilege Escalation vulnerability in Linux Kernel 3.18

An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor.

7.6
2017-04-05 CVE-2017-0327 Linux Classic Buffer Overflow vulnerability in Linux Kernel 3.10

An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-05 CVE-2017-0325 Linux Out-of-bounds Write vulnerability in Linux Kernel 3.10/3.18

An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-04-09 CVE-2017-7614 GNU NULL Pointer Dereference vulnerability in GNU Binutils 2.28

elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.

7.5
2017-04-07 CVE-2007-6760 Dataprobe Improper Authentication vulnerability in Dataprobe Ibootbar Firmware

Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.

7.5
2017-04-07 CVE-2007-6759 Dataprobe Improper Authentication vulnerability in Dataprobe Ibootbar Firmware

Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.

7.5
2017-04-07 CVE-2017-7581 News System Project SQL Injection vulnerability in News System Project News System

SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.

7.5
2017-04-06 CVE-2017-7576 Dragonwavex Use of Hard-coded Credentials vulnerability in Dragonwavex Horizon Wireless Radio Firmware 1.01.03

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices.

7.5
2017-04-06 CVE-2017-7574 Schneider Electric Use of Hard-coded Credentials vulnerability in Schneider-Electric Modicon Tm221Ce16R Firmware and Somachine

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability.

7.5
2017-04-06 CVE-2015-8965 Perforce
Oracle
Permissions, Privileges, and Access Controls vulnerability in multiple products

Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code.

7.5
2017-04-06 CVE-2017-7237 Spiceworks Unspecified vulnerability in Spiceworks 7.5

The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.

7.5
2017-04-06 CVE-2017-0305 F5 Unspecified vulnerability in F5 SSL Intercept Iapp 1.5.0/1.5.7

F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.

7.5
2017-04-04 CVE-2017-5649 Apache Information Exposure vulnerability in Apache Geode 1.0.0/1.1.0

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.

7.5
2017-04-03 CVE-2017-7397 Backbox Resource Exhaustion vulnerability in Backbox Linux 4.6

BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7).

7.5
2017-04-03 CVE-2017-7402 Lucidcrew Code Injection vulnerability in Lucidcrew Pixie 1.04

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.

7.5
2017-04-03 CVE-2017-5642 Apache Incorrect Default Permissions vulnerability in Apache Ambari 2.4.0/2.4.1/2.4.2

During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.

7.5
2017-04-03 CVE-2014-3927 Mrlg4Php Project Code Injection vulnerability in Mrlg4PHP Project Mrlg4PHP

mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.

7.5
2017-04-03 CVE-2017-6441 PHP NULL Pointer Dereference vulnerability in PHP 7.1.2

The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script.

7.5
2017-04-03 CVE-2017-5949 Apple Out-of-bounds Write vulnerability in Apple Safari 22

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm.

7.5
2017-04-03 CVE-2017-1001000 Wordpress Unspecified vulnerability in Wordpress 4.7/4.7.1/4.7.2

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.

7.5
2017-04-07 CVE-2017-6600 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.

7.2
2017-04-07 CVE-2017-6598 Cisco Missing Authorization vulnerability in Cisco products

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation.

7.2
2017-04-07 CVE-2017-6597 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.

7.2
2017-04-07 CVE-2016-9197 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Mobility Services Engine 8.3.102.0

A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges.

7.2
2017-04-07 CVE-2016-9196 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Aironet Access Point

A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system.

7.2
2017-04-05 CVE-2017-6975 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS

Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point.

7.2
2017-04-04 CVE-2017-7307 Riverbed Incorrect Permission Assignment for Critical Resource vulnerability in Riverbed Rios

Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file.

7.2
2017-04-04 CVE-2017-7228 XEN Improper Validation of Array Index vulnerability in XEN

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x.

7.2
2017-04-04 CVE-2017-5683 Intel Local Privilege Escalation vulnerability in Intel Hardware Accelerated Execution Manager

Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access.

7.2
2017-04-04 CVE-2017-7412 Nixos Unspecified vulnerability in Nixos 17.03

NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.

7.2
2017-04-07 CVE-2017-0552 Google Denial of Service vulnerability in Google Android Mediaserver

A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1
2017-04-07 CVE-2017-0551 Google Denial of Service vulnerability in Google Android Mediaserver

A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1
2017-04-07 CVE-2017-0550 Google Denial of Service vulnerability in Google Android Mediaserver

A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1
2017-04-07 CVE-2017-0549 Google Denial of Service vulnerability in Google Android Mediaserver

A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1
2017-04-07 CVE-2017-0548 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 7.0/7.1.0/7.1.1

A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1
2017-04-07 CVE-2017-3885 Cisco Resource Exhaustion vulnerability in Cisco Firepower Management Center

A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources.

7.1
2017-04-07 CVE-2017-0553 Google Integer Overflow or Wraparound vulnerability in Google Android

An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service.

7.0

131 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-04-07 CVE-2017-6606 Cisco OS Command Injection vulnerability in Cisco IOS XE

A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user.

6.9
2017-04-05 CVE-2017-7358 Lightdm Project
Canonical
Path Traversal vulnerability in multiple products

In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.

6.9
2017-04-09 CVE-2017-7602 Libtiff Integer Overflow or Wraparound vulnerability in Libtiff 4.0.7

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

6.8
2017-04-09 CVE-2017-7601 Libtiff Improper Input Validation vulnerability in Libtiff 4.0.7

LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

6.8
2017-04-09 CVE-2017-7600 Libtiff Improper Input Validation vulnerability in Libtiff 4.0.7

LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

6.8
2017-04-09 CVE-2017-7599 Libtiff Improper Input Validation vulnerability in Libtiff 4.0.7

LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

6.8
2017-04-09 CVE-2017-7597 Libtiff Improper Input Validation vulnerability in Libtiff 4.0.7

tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

6.8
2017-04-09 CVE-2017-7596 Libtiff Improper Input Validation vulnerability in Libtiff 4.0.7

LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

6.8
2017-04-09 CVE-2017-7592 Libtiff Improper Input Validation vulnerability in Libtiff 4.0.7

The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

6.8
2017-04-07 CVE-2017-6033 Schneider Electric Uncontrolled Search Path Element vulnerability in Schneider-Electric Interactive Graphical Scada System 10.0/9.0

A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions.

6.8
2017-04-07 CVE-2017-0554 Google Missing Authorization vulnerability in Google Android

An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels.

6.8
2017-04-07 CVE-2017-7584 Foxitsoftware Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Foxitsoftware Foxit PDF Toolkit

Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.

6.8
2017-04-07 CVE-2017-7578 Libming Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libming 0.4.7

Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file.

6.8
2017-04-05 CVE-2017-7447 Helpdezk Cross-Site Request Forgery (CSRF) vulnerability in Helpdezk 1.1.1

HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code.

6.8
2017-04-05 CVE-2017-7446 Helpdezk Cross-Site Request Forgery (CSRF) vulnerability in Helpdezk 1.1.1

HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.

6.8
2017-04-05 CVE-2016-6100 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM products

IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2017-04-04 CVE-2016-3740 Foxitsoftware Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Foxitsoftware Foxit Reader 7.3.4.311

Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion.

6.8
2017-04-04 CVE-2017-3204 Golang Security Bypass vulnerability in Golang Go SSH Library

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks.

6.8
2017-04-03 CVE-2016-10317 Artifex Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Ghostscript 9.20

The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc.

6.8
2017-04-03 CVE-2017-6448 Radare Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 1.2.1

The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.

6.8
2017-04-03 CVE-2017-6194 Radare Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 1.2.1

The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.

6.8
2017-04-03 CVE-2016-10313 Jensenofscandinavia Cross-Site Request Forgery (CSRF) vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev.

6.8
2017-04-07 CVE-2017-7570 Pivotx Code Injection vulnerability in Pivotx 2.3.11

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.

6.5
2017-04-06 CVE-2017-7565 Splunk Path Traversal vulnerability in Splunk Hadoop Connect

Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041.

6.5
2017-04-05 CVE-2017-0886 Nextcloud Uncontrolled Recursion vulnerability in Nextcloud Server

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack.

6.5
2017-04-04 CVE-2017-7306 Riverbed Weak Password Requirements vulnerability in Riverbed Rios

Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number.

6.4
2017-04-07 CVE-2017-6603 Cisco Denial of Service vulnerability in Cisco ASR 900 Series Firmware 15.4(3)S3.15

A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing.

6.1
2017-04-06 CVE-2016-9194 Cisco Resource Management Errors vulnerability in Cisco products

A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

6.1
2017-04-06 CVE-2017-7571 Ladybirdweb Cross-Site Request Forgery (CSRF) vulnerability in Ladybirdweb Faveo Helpdesk 1.9.3

public/rolechangeadmin in Faveo 1.9.3 allows CSRF.

6.0
2017-04-07 CVE-2017-6604 Cisco Open Redirect vulnerability in Cisco Unified Computing System 2.2(8B)/3.0(1C)/3.1(2C)B

A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

5.8
2017-04-07 CVE-2017-3889 Cisco Improper Input Validation vulnerability in Cisco Registered Envelope Service 5.1.0015

A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect.

5.8
2017-04-06 CVE-2017-6130 F5 Server-Side Request Forgery (SSRF) vulnerability in F5 SSL Intercept Iapp and SSL Orchestrator

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic.

5.8
2017-04-04 CVE-2017-7234 Djangoproject Open Redirect vulnerability in Djangoproject Django

A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.

5.8
2017-04-04 CVE-2017-7233 Djangoproject Open Redirect vulnerability in Djangoproject Django

Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL.

5.8
2017-04-03 CVE-2016-10316 Jensenofscandinavia Open Redirect vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev.

5.8
2017-04-03 CVE-2016-10315 Jensenofscandinavia Open Redirect vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev.

5.8
2017-04-05 CVE-2017-0883 Nextcloud Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue.

5.5
2017-04-05 CVE-2017-2671 Linux Unspecified vulnerability in Linux Kernel

The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.

5.5
2017-04-03 CVE-2016-10221 Artifex Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mupdf 1.10A

The count_entries function in pdf-layer.c in Artifex Software, Inc.

5.5
2017-04-03 CVE-2016-10218 Artifex NULL Pointer Dereference vulnerability in Artifex Ghostscript 9.20

The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc.

5.5
2017-04-03 CVE-2016-10217 Artifex Use After Free vulnerability in Artifex Ghostscript 9.20

The pdf14_open function in base/gdevp14.c in Artifex Software, Inc.

5.5
2017-04-04 CVE-2017-0360 Tryton Improper Privilege Management vulnerability in Tryton

file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack.

5.3
2017-04-04 CVE-2017-7414 Horde OS Command Injection vulnerability in Horde Groupware

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference.

5.1
2017-04-07 CVE-2017-6599 Cisco Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS XR 6.1.1/6.2.1

A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition.

5.0
2017-04-07 CVE-2016-9195 Cisco Resource Management Errors vulnerability in Cisco Wireless LAN Controller 8.3.102.0

A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection.

5.0
2017-04-07 CVE-2017-7577 Xiongmaitech Path Traversal vulnerability in Xiongmaitech Uc-Httpd

XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.

5.0
2017-04-06 CVE-2017-7575 Schneider Electric Information Exposure vulnerability in Schneider-Electric Modicon Tm221Ce16R Firmware 1.3.3.3

Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp).

5.0
2017-04-06 CVE-2017-7569 Vbulletin Server-Side Request Forgery (SSRF) vulnerability in Vbulletin

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.

5.0
2017-04-06 CVE-2017-7192 Starscream Project Improper Certificate Validation vulnerability in Starscream Project Starscream

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).

5.0
2017-04-06 CVE-2017-5887 Starscream Project Improper Certificate Validation vulnerability in Starscream Project Starscream

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).

5.0
2017-04-05 CVE-2015-9019 Xmlsoft Use of Insufficiently Random Values vulnerability in Xmlsoft Libxslt

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

5.0
2017-04-05 CVE-2015-4680 Freeradius
Suse
Improper Certificate Validation vulnerability in multiple products

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

5.0
2017-04-04 CVE-2015-1612 Opendaylight Improper Input Validation vulnerability in Opendaylight Openflow

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."

5.0
2017-04-04 CVE-2015-1611 Opendaylight Improper Input Validation vulnerability in Opendaylight Openflow

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection."

5.0
2017-04-03 CVE-2014-3930 LG Project Improper Access Control vulnerability in LG Project LG 1.01

lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.

5.0
2017-04-03 CVE-2014-3929 LG Project Improper Access Control vulnerability in LG Project LG

The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys.

5.0
2017-04-03 CVE-2014-3928 LG Project Improper Access Control vulnerability in LG Project LG

Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.

5.0
2017-04-03 CVE-2014-1677 Technicolor Information Exposure vulnerability in Technicolor Tc7200 Firmware Std6.01.12

Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.

5.0
2017-04-03 CVE-2013-7450 Pulpproject Improper Certificate Validation vulnerability in Pulpproject Pulp 2.2.11

Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.

5.0
2017-04-03 CVE-2017-7401 Collectd Infinite Loop vulnerability in Collectd

Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.

5.0
2017-04-03 CVE-2017-6181 Ruby Lang Improper Input Validation vulnerability in Ruby-Lang Ruby 2.4.0

The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.

5.0
2017-04-03 CVE-2017-5924 Virustotal Use After Free vulnerability in Virustotal Yara 3.5.0

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.

5.0
2017-04-03 CVE-2017-5923 Virustotal Out-of-bounds Read vulnerability in Virustotal Yara 3.5.0

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.

5.0
2017-04-03 CVE-2016-10226 Apple Out-of-bounds Read vulnerability in Apple Safari 18

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp.

5.0
2017-04-03 CVE-2016-10222 Apple Improper Input Validation vulnerability in Apple Safari 18

runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function.

5.0
2017-04-03 CVE-2016-10211 Virustotal Use After Free vulnerability in Virustotal Yara 3.5.0

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.

5.0
2017-04-03 CVE-2016-10210 Virustotal NULL Pointer Dereference vulnerability in Virustotal Yara 3.5.0

libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.

5.0
2017-04-06 CVE-2017-4964 Cloudfoundry Code Injection vulnerability in Cloudfoundry Bosh Azure CPI 22

Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability."

4.6
2017-04-04 CVE-2016-5870 Linux NULL Pointer Dereference vulnerability in Linux Kernel

The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket.

4.6
2017-04-04 CVE-2017-7305 Riverbed Weak Password Requirements vulnerability in Riverbed Rios

Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot.

4.6
2017-04-09 CVE-2017-7613 Elfutils Project
Debian
Canonical
Improper Input Validation vulnerability in multiple products

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

4.3
2017-04-09 CVE-2017-7612 Elfutils Project
Debian
Canonical
Out-of-bounds Read vulnerability in multiple products

The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

4.3
2017-04-09 CVE-2017-7611 Elfutils Project
Debian
Canonical
Out-of-bounds Read vulnerability in multiple products

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

4.3
2017-04-09 CVE-2017-7610 Elfutils Project
Debian
Canonical
Out-of-bounds Read vulnerability in multiple products

The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

4.3
2017-04-09 CVE-2017-7609 Elfutils Project Improper Input Validation vulnerability in Elfutils Project Elfutils 0.168

elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

4.3
2017-04-09 CVE-2017-7608 Elfutils Project
Debian
Canonical
Out-of-bounds Read vulnerability in multiple products

The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

4.3
2017-04-09 CVE-2017-7607 Elfutils Project Out-of-bounds Read vulnerability in Elfutils Project Elfutils 0.168

The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

4.3
2017-04-09 CVE-2017-7606 Imagemagick Improper Input Validation vulnerability in Imagemagick 7.0.54

coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

4.3
2017-04-09 CVE-2017-7598 Libtiff Divide By Zero vulnerability in Libtiff 4.0.7

tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.

4.3
2017-04-09 CVE-2017-7595 Libtiff Divide By Zero vulnerability in Libtiff 4.0.7

The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.

4.3
2017-04-09 CVE-2017-7594 Libtiff Missing Release of Resource after Effective Lifetime vulnerability in Libtiff 4.0.7

The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.

4.3
2017-04-09 CVE-2017-7593 Libtiff Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.7

tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.

4.3
2017-04-09 CVE-2017-7591 Openidm Project Cross-site Scripting vulnerability in Openidm Project Openidm 4.0.0/4.5.0

OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/.

4.3
2017-04-09 CVE-2017-7590 Openidm Project Cross-site Scripting vulnerability in Openidm Project Openidm 4.0.0/4.5.0

OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.

4.3
2017-04-07 CVE-2017-0560 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner.

4.3
2017-04-07 CVE-2017-0559 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels.

4.3
2017-04-07 CVE-2017-0558 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels.

4.3
2017-04-07 CVE-2017-0557 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels.

4.3
2017-04-07 CVE-2017-0556 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels.

4.3
2017-04-07 CVE-2017-0555 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels.

4.3
2017-04-07 CVE-2017-0547 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels.

4.3
2017-04-07 CVE-2017-7586 Libsndfile Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libsndfile Project Libsndfile

In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.

4.3
2017-04-07 CVE-2017-7585 Libsndfile Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libsndfile Project Libsndfile

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.

4.3
2017-04-07 CVE-2017-7583 Ilias Cross-site Scripting vulnerability in Ilias

ILIAS before 5.2.3 has XSS via SVG documents.

4.3
2017-04-07 CVE-2016-6805 Apache XXE vulnerability in Apache Ignite

Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.

4.3
2017-04-07 CVE-2017-3887 Cisco Improper Handling of Exceptional Conditions vulnerability in Cisco Firepower Threat Defense 6.0.1/6.1.0/6.2.0

A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts.

4.3
2017-04-07 CVE-2017-3848 Cisco Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2)/3.0

A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system.

4.3
2017-04-07 CVE-2017-7579 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.

4.3
2017-04-06 CVE-2016-1000307 Clip Bucket Cross-site Scripting vulnerability in Clip-Bucket Clipbucket

Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to WebsiteConfigurations Section.

4.3
2017-04-06 CVE-2016-5349 Google Information Exposure vulnerability in Google Android

The high level operating systems (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qualcomm Secure Execution Environment (QSEE) only write to legitimate memory ranges related to the QSEE secure application's HLOS client.

4.3
2017-04-06 CVE-2016-10319 ARM Trusted Firmware Project Integer Overflow or Wraparound vulnerability in ARM Trusted Firmware Project ARM Trusted Firmware 1.2/1.3

In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows.

4.3
2017-04-06 CVE-2017-7454 Entropymine Out-of-bounds Read vulnerability in Entropymine Imageworsener 1.3.0

The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

4.3
2017-04-06 CVE-2017-7453 Entropymine NULL Pointer Dereference vulnerability in Entropymine Imageworsener 1.3.0

The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

4.3
2017-04-06 CVE-2017-7452 Entropymine NULL Pointer Dereference vulnerability in Entropymine Imageworsener 1.3.0

The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

4.3
2017-04-05 CVE-2017-7448 Dropbox Divide By Zero vulnerability in Dropbox Lepton 1.2.1

The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.

4.3
2017-04-05 CVE-2017-7443 APT Cacher NG Project
APT Cacher Project
HTTP Response Splitting vulnerability in multiple products

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.

4.3
2017-04-05 CVE-2017-0888 Nextcloud Improper Input Validation vulnerability in Nextcloud

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app.

4.3
2017-04-05 CVE-2017-0887 Nextcloud Improper Input Validation vulnerability in Nextcloud Server

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation.

4.3
2017-04-05 CVE-2017-0885 Nextcloud Information Exposure vulnerability in Nextcloud Server

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share.

4.3
2017-04-05 CVE-2017-0884 Nextcloud Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue.

4.3
2017-04-05 CVE-2014-9829 Imagemagick Out-of-bounds Read vulnerability in Imagemagick

coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.

4.3
2017-04-03 CVE-2017-7383 Podofo Project NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5

The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

4.3
2017-04-03 CVE-2017-7382 Podofo Project NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5

The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

4.3
2017-04-03 CVE-2017-7381 Podofo Project NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5

The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

4.3
2017-04-03 CVE-2017-7380 Podofo Project NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5

The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

4.3
2017-04-03 CVE-2017-7379 Podofo Project Out-of-bounds Read vulnerability in Podofo Project Podofo 0.9.5

The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.

4.3
2017-04-03 CVE-2017-7378 Podofo Project Out-of-bounds Read vulnerability in Podofo Project Podofo 0.9.5

The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.

4.3
2017-04-03 CVE-2017-5951 Artifex NULL Pointer Dereference vulnerability in Artifex Ghostscript 9.20

The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc.

4.3
2017-04-03 CVE-2017-5950 Yaml CPP Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Yaml-Cpp Project Yaml-Cpp 0.5.3

The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

4.3
2017-04-03 CVE-2016-10220 Artifex NULL Pointer Dereference vulnerability in Artifex Ghostscript 9.20

The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc.

4.3
2017-04-03 CVE-2016-10219 Artifex Divide By Zero vulnerability in Artifex Ghostscript 9.20

The intersect function in base/gxfill.c in Artifex Software, Inc.

4.3
2017-04-03 CVE-2016-10209 Libarchive NULL Pointer Dereference vulnerability in Libarchive 3.2.2

The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.

4.3
2017-04-09 CVE-2017-7589 Openidm Project Information Exposure vulnerability in Openidm Project Openidm 4.0.0/4.5.0

In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings.

4.0
2017-04-07 CVE-2017-3886 Cisco SQL Injection vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6)

A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection.

4.0
2017-04-07 CVE-2017-3884 Cisco Information Exposure vulnerability in Cisco products

A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data.

4.0
2017-04-07 CVE-2017-3817 Cisco Incorrect Authorization vulnerability in Cisco Unified Computing System Director 5.5.0.1/6.0.0.0

A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain.

4.0
2017-04-06 CVE-2017-7566 Mybb Server-Side Request Forgery (SSRF) vulnerability in Mybb

MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.

4.0
2017-04-05 CVE-2017-6339 Trendmicro Weak Password Requirements vulnerability in Trendmicro Interscan web Security Virtual Appliance

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data.

4.0
2017-04-05 CVE-2017-6338 Trendmicro Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Interscan web Security Virtual Appliance

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.

4.0
2017-04-04 CVE-2016-10318 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service.

4.0
2017-04-03 CVE-2016-10314 Jensenofscandinavia Information Exposure vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev.

4.0

21 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-04-07 CVE-2017-6602 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.

3.6
2017-04-07 CVE-2017-6601 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.

3.6
2017-04-07 CVE-2017-3888 Cisco Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.98000.452)

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

3.5
2017-04-06 CVE-2015-4673 Clip Bucket Cross-site Scripting vulnerability in Clip-Bucket Clipbucket 2.7.0.5

Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php.

3.5
2017-04-05 CVE-2017-1180 IBM Remote Privilege Escalation vulnerability in IBM TRIRIGA Application Platform

The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to.

3.5
2017-04-05 CVE-2016-3031 IBM Cross-site Scripting vulnerability in IBM Cognos Analytics

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting.

3.5
2017-04-05 CVE-2016-3015 IBM Cross-site Scripting vulnerability in IBM Cognos Analytics

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting.

3.5
2017-04-05 CVE-2017-6340 Trendmicro Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report.

3.5
2017-04-03 CVE-2017-7400 Openstack Cross-site Scripting vulnerability in Openstack Horizon

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

3.5
2017-04-07 CVE-2017-2387 Apple Improper Certificate Validation vulnerability in Apple Music 1.2.1

The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

2.9
2017-04-07 CVE-2017-0586 Linux Information Exposure vulnerability in Linux Kernel 3.10/3.18

An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-04-07 CVE-2017-0585 Linux Information Exposure vulnerability in Linux Kernel 3.10/3.18

An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-04-07 CVE-2017-0584 Linux Information Exposure vulnerability in Linux Kernel 3.10/3.18

An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-04-05 CVE-2017-0330 Linux Information Exposure vulnerability in Linux Kernel 3.10

An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-04-05 CVE-2017-0328 Linux Information Exposure vulnerability in Linux Kernel 3.10

An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels.

2.6
2017-04-04 CVE-2017-7418 Proftpd Link Following vulnerability in Proftpd 1.3.2/1.3.4/1.3.6

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks.

2.1
2017-04-04 CVE-2017-5670 Riverbed Information Exposure vulnerability in Riverbed Rios

Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks.

2.1
2017-04-03 CVE-2017-5686 Intel Incorrect Default Permissions vulnerability in Intel Nuc6I3Syh Bios and Nuc6I3Syk Bios

The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information.

2.1
2017-04-03 CVE-2017-5685 Intel Incorrect Default Permissions vulnerability in Intel Nuc6I7Kyk Bios Kyskli70.86A.0042.2016.0929.1933

The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information.

2.1
2017-04-03 CVE-2017-5684 Intel Incorrect Default Permissions vulnerability in Intel Stk2Mv64Cc Bios

The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.

2.1
2017-04-03 CVE-2017-7407 Haxx Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl 7.53.1

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

2.1