Weekly Vulnerabilities Reports > April 24 to 30, 2017
Overview
463 new vulnerabilities were reported during this period, including 29 critical and 88 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 324 products from 119 vendors, including Oracle, Debian, Google, Redhat, and Juniper. The most common weakness categories are "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Missing Release of Resource after Effective Lifetime", and "Path Traversal".
- 379 reported vulnerabilities are remotely exploitable.
- 28 reported vulnerabilities have a public exploit available.
- 92 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 330 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 196.
- Trendmicro has the most reported critical vulnerabilities, with 6.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
29 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-04-29 | CVE-2017-6553 | Quest | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Quest Privilege Manager FOR Unix Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon. | 10.0 |
2017-04-28 | CVE-2017-2142 | Iodata | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iodata Wn-G300R3 Firmware Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 10.0 |
2017-04-28 | CVE-2017-2096 | Smalruby | OS Command Injection vulnerability in Smalruby Smalruby-Editor smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 10.0 |
2017-04-27 | CVE-2017-3066 | Adobe | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 10.0/11.0/2016 Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. | 10.0 |
2017-04-25 | CVE-2017-8224 | Wificam | Use of Hard-coded Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET. | 10.0 |
2017-04-25 | CVE-2017-8218 | TP Link | Insecure Default Initialization of Resource vulnerability in Tp-Link C20I Firmware and C2 Firmware vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password. | 10.0 |
2017-04-24 | CVE-2017-3623 | Oracle | Remote Code Execution vulnerability in Oracle Solaris Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). | 10.0 |
2017-04-24 | CVE-2017-2320 | Juniper | Information Exposure vulnerability in Juniper Northstar Controller A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. | 10.0 |
2017-04-28 | CVE-2017-7895 | Linux Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. | 9.8 |
2017-04-24 | CVE-2015-7247 | D Link | Information Exposure vulnerability in D-Link Dvg-N5402Sp Firmware W1000Cn00/W1000Cn03/W2000En00 D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. | 9.8 |
2017-04-24 | CVE-2015-7246 | D Link | Use of Hard-coded Credentials vulnerability in D-Link Dvg-N5402Sp Firmware W1000Cn00/W1000Cn03/W2000En00 D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | 9.8 |
2017-04-28 | CVE-2017-2149 | Toshiba | Untrusted Search Path vulnerability in Toshiba Flashair Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 9.3 |
2017-04-27 | CVE-2017-6037 | WE CON | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in We-Con Levi Studio HMI Editor 1.8.0 A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. | 9.3 |
2017-04-27 | CVE-2017-6035 | WE CON | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in We-Con Levi Studio HMI Editor 1.8.0 A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. | 9.3 |
2017-04-24 | CVE-2017-2332 | Juniper | Improper Authentication vulnerability in Juniper Northstar Controller An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment. | 9.3 |
2017-04-29 | CVE-2017-7981 | Enalean Phpwiki Project | OS Command Injection vulnerability in multiple products Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. | 9.0 |
2017-04-28 | CVE-2016-8592 | Trendmicro | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
2017-04-28 | CVE-2016-8591 | Trendmicro | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
2017-04-28 | CVE-2016-8590 | Trendmicro | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
2017-04-28 | CVE-2016-8589 | Trendmicro | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
2017-04-28 | CVE-2016-8586 | Trendmicro | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
2017-04-28 | CVE-2016-8585 | Trendmicro | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter. | 9.0 |
2017-04-28 | CVE-2017-2141 | Iodata | OS Command Injection vulnerability in Iodata Wn-G300R3 Firmware WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. | 9.0 |
2017-04-25 | CVE-2017-8220 | TP Link | OS Command Injection vulnerability in Tp-Link C20I Firmware and C2 Firmware TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data. | 9.0 |
2017-04-24 | CVE-2017-3543 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). | 9.0 |
2017-04-24 | CVE-2017-3542 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). | 9.0 |
2017-04-24 | CVE-2017-3230 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware Mapviewer 11.1.1.9/12.2.1.1/12.2.1.2 Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). | 9.0 |
2017-04-24 | CVE-2016-6903 | Lshell Project | Permissions, Privileges, and Access Controls vulnerability in Lshell Project Lshell 0.9.16 lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | 9.0 |
2017-04-24 | CVE-2016-6902 | Lshell Project | Permissions, Privileges, and Access Controls vulnerability in Lshell Project Lshell 0.9.16 lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | 9.0 |
88 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-04-25 | CVE-2017-5051 | Google | Integer Overflow or Wraparound vulnerability in Google Chrome An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | 8.8 |
2017-04-25 | CVE-2017-5050 | Google | Integer Overflow or Wraparound vulnerability in Google Chrome An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | 8.8 |
2017-04-25 | CVE-2017-5049 | Google | Integer Overflow or Wraparound vulnerability in Google Chrome An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | 8.8 |
2017-04-25 | CVE-2017-5048 | Google | Integer Overflow or Wraparound vulnerability in Google Chrome An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | 8.8 |
2017-04-25 | CVE-2017-5047 | Google | Integer Overflow or Wraparound vulnerability in Google Chrome An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | 8.8 |
2017-04-24 | CVE-2017-5043 | Google Redhat Debian | Use After Free vulnerability in multiple products Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. | 8.8 |
2017-04-24 | CVE-2017-5034 | Google | Use After Free vulnerability in Google Chrome A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | 8.8 |
2017-04-24 | CVE-2017-5032 | Google | Out-of-bounds Write vulnerability in Google Chrome PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
2017-04-24 | CVE-2017-5031 | Google | Use After Free vulnerability in Google Chrome A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
2017-04-24 | CVE-2017-5030 | Google Debian Redhat | Out-of-bounds Read vulnerability in multiple products Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 8.8 |
2017-04-24 | CVE-2017-5029 | Google Xmlsoft Debian Redhat | Out-of-bounds Write vulnerability in multiple products The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 8.8 |
2017-04-24 | CVE-2017-3601 | Oracle | Remote Security vulnerability in Oracle API Gateway 11.1.2.4.0 Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway). | 8.8 |
2017-04-24 | CVE-2017-7852 | Dlink | Cross-Site Request Forgery (CSRF) vulnerability in Dlink products D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. | 8.8 |
2017-04-24 | CVE-2017-3602 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). | 8.5 |
2017-04-24 | CVE-2017-3592 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Vulnerability in the Oracle Payables component of Oracle E-Business Suite (subcomponent: Self Service Manager). | 8.5 |
2017-04-24 | CVE-2017-3545 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Blob Server). | 8.5 |
2017-04-24 | CVE-2017-3472 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Private Banking Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Portfolio Management). | 8.5 |
2017-04-28 | CVE-2017-2113 | Iodata | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iodata products Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 8.3 |
2017-04-28 | CVE-2017-2112 | Iodata | OS Command Injection vulnerability in Iodata products TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 8.3 |
2017-04-24 | CVE-2017-3254 | Oracle | Remote Security vulnerability in Oracle Retail Invoice Matching 12.0/13.0 Vulnerability in the Oracle Retail Invoice Matching component of Oracle Retail Applications (subcomponent: Security). | 8.3 |
2017-04-24 | CVE-2017-3306 | Oracle | Remote Security vulnerability in Oracle MySQL Enterprise Monitor Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). | 8.2 |
2017-04-24 | CVE-2017-5035 | Google Debian Redhat | Race Condition vulnerability in multiple products Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. | 8.1 |
2017-04-24 | CVE-2017-3530 | Oracle | Remote Security vulnerability in Oracle Transportation Manager Vulnerability in the Oracle Transportation Manager component of Oracle Supply Chain Products Suite (subcomponent: Security). | 7.9 |
2017-04-27 | CVE-2017-8291 | Artifex Debian Redhat | Type Confusion vulnerability in multiple products Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. | 7.8 |
2017-04-24 | CVE-2017-5039 | Google Debian Redhat | Use After Free vulnerability in multiple products A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 7.8 |
2017-04-24 | CVE-2017-5037 | Google Debian Redhat | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | 7.8 |
2017-04-24 | CVE-2017-5036 | Google Debian Redhat | Use After Free vulnerability in multiple products A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file. | 7.8 |
2017-04-24 | CVE-2017-3625 | Oracle | Remote Security vulnerability in Oracle WebCenter Content Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). | 7.8 |
2017-04-24 | CVE-2017-3599 | Oracle | Integer Overflow or Wraparound vulnerability in Oracle Mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). | 7.8 |
2017-04-24 | CVE-2017-3593 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). | 7.8 |
2017-04-24 | CVE-2017-3557 | Oracle | Cross-site Scripting vulnerability in Oracle One-To-One Fulfillment Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). | 7.8 |
2017-04-24 | CVE-2017-3519 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise Peopletools 8.54/8.55 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). | 7.8 |
2017-04-24 | CVE-2017-3499 | Oracle | Remote Security vulnerability in Oracle Social Network Vulnerability in the Oracle Social Network component of Oracle Fusion Middleware (subcomponent: Android Client). | 7.8 |
2017-04-24 | CVE-2017-3432 | Oracle | Remote Security vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). | 7.8 |
2017-04-24 | CVE-2017-3393 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Interaction History). | 7.8 |
2017-04-24 | CVE-2017-3337 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). | 7.8 |
2017-04-24 | CVE-2017-3233 | Oracle | Remote Security vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 7.8 |
2017-04-24 | CVE-2017-2315 | Juniper | Missing Release of Resource after Effective Lifetime vulnerability in Juniper Junos On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. | 7.8 |
2017-04-30 | CVE-2017-8366 | Ettercap Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ettercap Project Ettercap 0.8.2 The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilter. | 7.5 |
2017-04-30 | CVE-2017-8359 | Grpc | Out-of-bounds Write vulnerability in Grpc Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. | 7.5 |
2017-04-30 | CVE-2017-8358 | Libreoffice | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libreoffice LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. | 7.5 |
2017-04-28 | CVE-2016-8584 | Trendmicro | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. | 7.5 |
2017-04-28 | CVE-2017-2101 | IPA | Improper Authentication vulnerability in IPA Appgoat 3.0.0 Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. | 7.5 |
2017-04-27 | CVE-2017-8305 | 13Thmonkey | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in 13Thmonkey Udfclient The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer overflow. | 7.5 |
2017-04-27 | CVE-2017-8307 | Avast | Arbitrary File Deletion vulnerability in Avast! Antivirus In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. | 7.5 |
2017-04-27 | CVE-2017-8297 | Simple File Manager Project | Path Traversal vulnerability in Simple-File-Manager Project Simple-File-Manager 20170419 A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). | 7.5 |
2017-04-27 | CVE-2017-5186 | Netiq Novell | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. | 7.5 |
2017-04-27 | CVE-2017-8289 | Riot Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Riot Project Riot Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attackers, to cause a denial of service or possibly have unspecified other impact via a malformed IPv6 address. | 7.5 |
2017-04-27 | CVE-2017-8287 | Freetype | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freetype FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. | 7.5 |
2017-04-26 | CVE-2017-8283 | Debian | Path Traversal vulnerability in Debian Dpkg dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. | 7.5 |
2017-04-25 | CVE-2017-8225 | Wificam | Insufficiently Protected Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. | 7.5 |
2017-04-25 | CVE-2017-1149 | IBM | XXE vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 7.5 |
2017-04-25 | CVE-2017-8110 | Modified Shop | XXE vulnerability in Modified-Shop Modified Ecommerce Shopsoftware 2.0.2.2 www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php. | 7.5 |
2017-04-24 | CVE-2017-3595 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). | 7.5 |
2017-04-24 | CVE-2017-3553 | Oracle | Remote Security vulnerability in Oracle Identity Manager 11.1.2.3.0 Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). | 7.5 |
2017-04-24 | CVE-2017-3549 | Oracle | SQL Injection vulnerability in Oracle Scripting Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). | 7.5 |
2017-04-24 | CVE-2017-3540 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). | 7.5 |
2017-04-24 | CVE-2017-3507 | Oracle | Remote Security vulnerability in Oracle Service Bus Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Console Design). | 7.5 |
2017-04-24 | CVE-2017-3497 | Oracle | Remote Security vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon). | 7.5 |
2017-04-24 | CVE-2017-3476 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Private Banking Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). | 7.5 |
2017-04-24 | CVE-2017-3234 | Oracle | Remote Security vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 7.5 |
2017-04-24 | CVE-2011-3428 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Quicktime Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code. | 7.5 |
2017-04-24 | CVE-2017-8105 | Freetype Debian | Out-of-bounds Write vulnerability in multiple products FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. | 7.5 |
2017-04-24 | CVE-2015-7569 | Yeager | SQL Injection vulnerability in Yeager CMS 1.2.1 SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | 7.5 |
2017-04-24 | CVE-2015-7568 | Yeager | SQL Injection vulnerability in Yeager CMS 1.2.1 SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. | 7.5 |
2017-04-24 | CVE-2015-7245 | D Link | Path Traversal vulnerability in D-Link Dvg-N5402Sp Firmware W1000Cn00/W1000Cn03/W2000En00 Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. | 7.5 |
2017-04-24 | CVE-2017-2331 | Juniper | Authentication Bypass vulnerability in Juniper NorthStar Controller Application A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and denials of service. | 7.5 |
2017-04-24 | CVE-2017-2321 | Juniper | Remote Privilege Escalation vulnerability in Juniper NorthStar Controller Application A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks. | 7.5 |
2017-04-24 | CVE-2017-2319 | Juniper | Improper Authentication vulnerability in Juniper Northstar Controller A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the system's confidentiality or integrity without authentication, leading to managed systems being compromised or services being denied to authentic end users and systems as a result. | 7.5 |
2017-04-24 | CVE-2017-2317 | Juniper | Information Exposure vulnerability in Juniper Northstar Controller A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential information disclosure, modification of system states, and partial to full denial of services relying upon data modified by an attacker. | 7.5 |
2017-04-24 | CVE-2014-9654 | Google ICU Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923. | 7.5 |
2017-04-24 | CVE-2017-3506 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | 7.4 |
2017-04-26 | CVE-2017-3162 | Apache | Improper Input Validation vulnerability in Apache Hadoop HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. | 7.3 |
2017-04-28 | CVE-2017-2108 | Softbank | Untrusted Search Path vulnerability in Softbank Primedrive Desktop Application Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.2 |
2017-04-26 | CVE-2017-7293 | Dolby | Deserialization of Untrusted Data vulnerability in Dolby Audio X2 and Dolby Audio X3 The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. | 7.2 |
2017-04-24 | CVE-2016-6915 | Nvidia | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia products Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5. | 7.2 |
2017-04-24 | CVE-2017-3622 | Oracle | Local Privilege Escalation vulnerability in Oracle Solaris 10 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). | 7.2 |
2017-04-24 | CVE-2017-3237 | Oracle | Local Security vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 7.2 |
2017-04-24 | CVE-2016-6917 | Nvidia | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia products Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5. | 7.2 |
2017-04-24 | CVE-2016-6916 | Nvidia | Integer Overflow or Wraparound vulnerability in Nvidia products Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5 allows local users to cause a denial of service (system crash) via unspecified vectors, which triggers a buffer overflow. | 7.2 |
2017-04-24 | CVE-2015-8110 | Lenovo | Permissions, Privileges, and Access Controls vulnerability in Lenovo System Update Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability." | 7.2 |
2017-04-29 | CVE-2017-8327 | Entropymine | Resource Exhaustion vulnerability in Entropymine Imageworsener The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted image. | 7.1 |
2017-04-24 | CVE-2017-3547 | Oracle | Injection vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). | 7.1 |
2017-04-24 | CVE-2017-3526 | Oracle | Remote Security vulnerability in Oracle Jdk, JRE and Jrockit Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). | 7.1 |
2017-04-24 | CVE-2017-3520 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise Peopletools 8.54/8.55 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). | 7.1 |
2017-04-26 | CVE-2017-8284 | Qemu | Code Injection vulnerability in Qemu The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. | 7.0 |
2017-04-25 | CVE-2017-7477 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. | 7.0 |
2017-04-24 | CVE-2017-3594 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). | 7.0 |
294 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-04-28 | CVE-2017-2107 | Akky | Untrusted Search Path vulnerability in Akky 7-Zip32.Dll Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 6.9 |
2017-04-24 | CVE-2017-3564 | Oracle | Local Security vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). | 6.9 |
2017-04-24 | CVE-2015-8109 | Lenovo | Credentials Management vulnerability in Lenovo System Update Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." | 6.9 |
2017-04-30 | CVE-2017-8364 | Rzip Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rzip Project Rzip 2.1 The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. | 6.8 |
2017-04-30 | CVE-2017-8361 | Libsndfile Project Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. | 6.8 |
2017-04-30 | CVE-2017-8081 | Cagintranetworks | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cagintranetworks Getsimple CMS 3.3.13 Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce. | 6.8 |
2017-04-30 | CVE-2017-7721 | Irfanview | Improper Input Validation vulnerability in Irfanview FPX and Irfanview IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file. | 6.8 |
2017-04-29 | CVE-2017-8326 | Entropymine | Incorrect Calculation vulnerability in Entropymine Imageworsener libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type int" undefined behavior issues, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image, related to imagew-bmp.c and imagew-util.c. | 6.8 |
2017-04-29 | CVE-2017-8325 | Entropymine | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Entropymine Imageworsener The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image. | 6.8 |
2017-04-28 | CVE-2017-1194 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
2017-04-28 | CVE-2017-2156 | Vivaldi | Untrusted Search Path vulnerability in Vivaldi Installer FOR Windows Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | 6.8 |
2017-04-28 | CVE-2017-2155 | I CON Corporation | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in I.Con Corporation Hoozin Viewer 2/3 Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via a specially crafted webpage. | 6.8 |
2017-04-28 | CVE-2017-2154 | Justsystems | Improper Input Validation vulnerability in Justsystems products Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 6.8 |
2017-04-28 | CVE-2017-2140 | Gaku | Injection vulnerability in Gaku Tablacus Explorer Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to a specially crafted directory. | 6.8 |
2017-04-28 | CVE-2017-2130 | Securebrain | Untrusted Search Path vulnerability in Securebrain Phishwall Client 3.7.13/3.7.8.1 Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. | 6.8 |
2017-04-28 | CVE-2017-2128 | Information Technology Promotion Agency | OS Command Injection vulnerability in Information-Technology Promotion Agency Introduction TO Safe Website Operation Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. | 6.8 |
2017-04-28 | CVE-2017-2102 | IPA | Cross-Site Request Forgery (CSRF) vulnerability in IPA Appgoat 3.0.0 Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |
2017-04-28 | CVE-2017-2100 | IPA | Improper Input Validation vulnerability in IPA Appgoat 3.0.0/3.0.1 Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. | 6.8 |
2017-04-28 | CVE-2017-2099 | IPA | Remote Code Execution vulnerability in IPA Appgoat 3.0.0 Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors. | 6.8 |
2017-04-28 | CVE-2017-2097 | Support Project | Cross-Site Request Forgery (CSRF) vulnerability in Support-Project Knowledge Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |
2017-04-27 | CVE-2017-8288 | Gnome | Improper Input Validation vulnerability in Gnome Gnome-Shell gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. | 6.8 |
2017-04-25 | CVE-2017-3434 | Oracle | Remote Security vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). | 6.8 |
2017-04-25 | CVE-2017-3356 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). | 6.8 |
2017-04-25 | CVE-2017-3355 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). | 6.8 |
2017-04-25 | CVE-2017-3347 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). | 6.8 |
2017-04-25 | CVE-2017-3342 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). | 6.8 |
2017-04-24 | CVE-2017-3573 | Oracle | Remote Security vulnerability in Oracle Hospitality OPERA 5 Property Services Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Printing). | 6.8 |
2017-04-24 | CVE-2017-3550 | Oracle | Remote Security vulnerability in Oracle Customer Interaction History 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Admin Console). | 6.8 |
2017-04-24 | CVE-2017-3534 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 6.8 |
2017-04-24 | CVE-2017-3516 | Oracle | Remote Security vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). | 6.8 |
2017-04-24 | CVE-2011-3438 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari 5.0.6 WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution. | 6.8 |
2017-04-24 | CVE-2017-8101 | S9Y | Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity 2.0.5 There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. | 6.8 |
2017-04-24 | CVE-2016-4313 | Extplorer | Path Traversal vulnerability in Extplorer 2.1.9 Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. | 6.8 |
2017-04-24 | CVE-2016-3691 | Kallithea Kallithea SCM | Cross-Site Request Forgery (CSRF) vulnerability in Kallithea-Scm Kallithea 0.1/0.2/0.3.1 Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method. | 6.8 |
2017-04-24 | CVE-2017-2326 | Juniper | Information Exposure vulnerability in Juniper Northstar Controller An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis. | 6.8 |
2017-04-24 | CVE-2017-2312 | Juniper | Missing Release of Resource after Effective Lifetime vulnerability in Juniper Junos On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. | 6.8 |
2017-04-29 | CVE-2017-8114 | Roundcube | Improper Privilege Management vulnerability in Roundcube Webmail Roundcube Webmail allows arbitrary password resets by authenticated users. | 6.5 |
2017-04-28 | CVE-2016-8593 | Trendmicro | Path Traversal vulnerability in Trendmicro Threat Discovery Appliance Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. | 6.5 |
2017-04-28 | CVE-2017-2125 | Allied Telesis K K | Privilege Escalation vulnerability in CentreCOM AR260S V2 Privilege escalation vulnerability in CentreCOM AR260S V2 allows remote authenticated attackers to gain privileges via the guest account. | 6.5 |
2017-04-25 | CVE-2017-1274 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. | 6.5 |
2017-04-25 | CVE-2017-7221 | Opentext | SQL Injection vulnerability in Opentext Documentum Content Server OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. | 6.5 |
2017-04-24 | CVE-2017-3596 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). | 6.5 |
2017-04-24 | CVE-2017-3577 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise CS Campus Community 9.2 Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). | 6.5 |
2017-04-24 | CVE-2017-3574 | Oracle | Remote Security vulnerability in Oracle Hospitality OPERA 5 Property Services Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA License code configuration). | 6.5 |
2017-04-24 | CVE-2017-3571 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Ebill Payment 9.2 Vulnerability in the PeopleSoft Enterprise SCM eBill Payment component of Oracle PeopleSoft Products (subcomponent: Security). | 6.5 |
2017-04-24 | CVE-2017-3570 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise Esettlements 9.1 Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: eSettlements). | 6.5 |
2017-04-24 | CVE-2017-3569 | Oracle | Remote Security vulnerability in Oracle Hospitality OPERA 5 Property Services Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Business Events). | 6.5 |
2017-04-24 | CVE-2017-3554 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). | 6.5 |
2017-04-24 | CVE-2017-3525 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise SCM Services Procurement 9.2 Vulnerability in the PeopleSoft Enterprise SCM Service Procurement component of Oracle PeopleSoft Products (subcomponent: Usability). | 6.5 |
2017-04-24 | CVE-2017-3524 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise SCM Strategic Sourcing 9.2 Vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing component of Oracle PeopleSoft Products (subcomponent: Bidder Registration). | 6.5 |
2017-04-24 | CVE-2017-3508 | Oracle | Remote Security vulnerability in RETIRED: Oracle Primavera Products Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). | 6.5 |
2017-04-24 | CVE-2017-3503 | Oracle | Remote Security vulnerability in Oracle Primavera Products Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). | 6.5 |
2017-04-24 | CVE-2015-0104 | IBM | Improper Access Control vulnerability in IBM products IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors. | 6.5 |
2017-04-27 | CVE-2017-5135 | Technicolor | SNMP Authentication Bypass vulnerability in Technicolor Dpc3928Sl Firmware D3928Slp1513A386C3420R55105160127A Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. | 6.4 |
2017-04-24 | CVE-2017-3548 | Oracle | XXE vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). | 6.4 |
2017-04-24 | CVE-2017-3546 | Oracle | Server-Side Request Forgery (SSRF) vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). | 6.4 |
2017-04-24 | CVE-2017-3541 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). | 6.4 |
2017-04-24 | CVE-2017-3531 | Oracle | Remote Security vulnerability in Oracle WebLogic Server Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Servlet Runtime). | 6.4 |
2017-04-24 | CVE-2017-3517 | Oracle | Remote Security vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). | 6.4 |
2017-04-24 | CVE-2015-7570 | Yeager | Server-Side Request Forgery (SSRF) vulnerability in Yeager CMS 1.2.1 Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php. | 6.4 |
2017-04-24 | CVE-2017-5044 | Google Debian Redhat | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 6.3 |
2017-04-24 | CVE-2017-5038 | Google Debian Redhat | Use After Free vulnerability in multiple products Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. | 6.3 |
2017-04-24 | CVE-2017-3597 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). | 6.3 |
2017-04-24 | CVE-2017-3538 | Oracle | Local Security Bypass vulnerability in Oracle VM VirtualBox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). | 6.3 |
2017-04-24 | CVE-2017-3305 | Oracle Debian | Cleartext Transmission of Sensitive Information vulnerability in multiple products Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). | 6.3 |
2017-04-26 | CVE-2017-3161 | Apache | Cross-site Scripting vulnerability in Apache Hadoop The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter. | 6.1 |
2017-04-24 | CVE-2017-5045 | Google Redhat Debian | Cross-site Scripting vulnerability in multiple products XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page. | 6.1 |
2017-04-24 | CVE-2017-3551 | Oracle | Local Security vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Smartcard Libraries). | 6.1 |
2017-04-24 | CVE-2017-5191 | Netiq | Cross-site Scripting vulnerability in Netiq Access Manager 4.2/4.3 An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. | 6.1 |
2017-04-28 | CVE-2016-8588 | Trendmicro | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file. | 6.0 |
2017-04-28 | CVE-2016-8587 | Trendmicro | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. | 6.0 |
2017-04-28 | CVE-2017-2120 | Wbce | SQL Injection vulnerability in Wbce CMS SQL injection vulnerability in WBCE CMS 1.1.10 and earlier allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | 6.0 |
2017-04-24 | CVE-2017-3600 | Oracle Redhat Debian Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). | 6.0 |
2017-04-24 | CVE-2017-3523 | Oracle | Remote Security vulnerability in Oracle Connector/J 5.1.40 Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). | 6.0 |
2017-04-25 | CVE-2017-3345 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). | 5.8 |
2017-04-24 | CVE-2017-3591 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). | 5.8 |
2017-04-24 | CVE-2017-3583 | Oracle | Remote Security vulnerability in Oracle Primavera Products Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). | 5.8 |
2017-04-24 | CVE-2017-3579 | Oracle | Remote Security vulnerability in Oracle Primavera Products Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). | 5.8 |
2017-04-24 | CVE-2017-3537 | Oracle | Remote Security vulnerability in Oracle Real-Time Scheduler 2.2.0.3.13/2.3.0.0/2.3.0.1 Vulnerability in the Oracle Real-Time Scheduler component of Oracle Utilities Applications (subcomponent: Mobile Communications Platform). | 5.8 |
2017-04-24 | CVE-2017-3532 | Oracle | Remote Security vulnerability in Oracle Retail Warehouse Management System 13.2/14.0/15.0 Vulnerability in the Oracle Retail Warehouse Management System component of Oracle Retail Applications (subcomponent: Security). | 5.8 |
2017-04-24 | CVE-2017-3528 | Oracle | Open Redirect vulnerability in Oracle Applications Framework Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). | 5.8 |
2017-04-24 | CVE-2017-3515 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: User Name/Password Management). | 5.8 |
2017-04-24 | CVE-2017-3501 | Oracle | Remote Security vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). | 5.8 |
2017-04-24 | CVE-2017-3496 | Oracle | Remote Security vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.0.0/12.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.8 |
2017-04-24 | CVE-2017-8099 | Browserweb INC | Cross-Site Request Forgery (CSRF) vulnerability in Browserweb INC Whizz There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. | 5.8 |
2017-04-24 | CVE-2017-5042 | Google Redhat Debian | Missing Encryption of Sensitive Data vulnerability in multiple products Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent. | 5.7 |
2017-04-24 | CVE-2017-3586 | Oracle | Remote Security vulnerability in Oracle Mysql Connectors 2.1.0/2.1.8 Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). | 5.5 |
2017-04-24 | CVE-2017-3522 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise SCM Esupplier Connection 9.2 Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection component of Oracle PeopleSoft Products (subcomponent: Vendor). | 5.5 |
2017-04-24 | CVE-2017-3521 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise SCM Purchasing 9.2 Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Registration). | 5.5 |
2017-04-24 | CVE-2017-3510 | Oracle | Remote Security vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). | 5.5 |
2017-04-24 | CVE-2017-3493 | Oracle | Remote Security vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.0.0/12.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.5 |
2017-04-24 | CVE-2017-3492 | Oracle | Remote Security vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.0.0/12.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.5 |
2017-04-24 | CVE-2017-3489 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Security Management System). | 5.5 |
2017-04-24 | CVE-2017-3484 | Oracle | Remote Security vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.0.0/12.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). | 5.5 |
2017-04-24 | CVE-2017-3479 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Private Banking Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). | 5.5 |
2017-04-24 | CVE-2017-3478 | Oracle | Remote Security vulnerability in Oracle Flexcube Private Banking 12.0.0/12.1.0 Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). | 5.5 |
2017-04-24 | CVE-2017-3455 | Oracle | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). | 5.5 |
2017-04-24 | CVE-2017-3454 | Oracle | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). | 5.5 |
2017-04-24 | CVE-2017-3304 | Oracle | Remote Security vulnerability in Oracle MySQL Cluster Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: DD). | 5.5 |
2017-04-24 | CVE-2017-3288 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). | 5.5 |
2017-04-28 | CVE-2017-2127 | YOP Poll | Cross-site Scripting vulnerability in Yop-Poll YOP Poll Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
2017-04-28 | CVE-2017-2152 | Buffalo INC | OS Command Injection vulnerability in Buffalo INC Wnc01Wh Firmware WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | 5.2 |
2017-04-24 | CVE-2017-3580 | Oracle | Remote Security vulnerability in Oracle SUN ZFS Storage Appliance KIT Ak2013 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). | 5.1 |
2017-04-24 | CVE-2017-3514 | Oracle | Remote Security vulnerability in Oracle Jdk, JRE and Jrockit Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). | 5.1 |
2017-04-24 | CVE-2017-3512 | Oracle Redhat | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). | 5.1 |
2017-04-29 | CVE-2017-7957 | Xstream Project Debian | Improper Input Validation vulnerability in multiple products XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call. | 5.0 |
2017-04-29 | CVE-2017-7945 | Paloaltonetworks | Information Exposure Through an Error Message vulnerability in Paloaltonetworks Pan-Os The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769. | 5.0 |
2017-04-28 | CVE-2017-2153 | Seil | Improper Input Validation vulnerability in Seil products SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UDP packets. | 5.0 |
2017-04-28 | CVE-2017-2150 | Booking Calendar Project | Path Traversal vulnerability in Booking Calendar Project Booking Calendar Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via a specially crafted captcha_chalange parameter. | 5.0 |
2017-04-28 | CVE-2017-2143 | Frogman Office INC | Forced Browsing vulnerability in Frogman Office INC products CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php. | 5.0 |
2017-04-28 | CVE-2017-2139 | Frogman Office INC | Forced Browsing vulnerability in Frogman Office INC Cs-Cart CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php. | 5.0 |
2017-04-28 | CVE-2017-2119 | Wbce | Path Traversal vulnerability in Wbce CMS Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2017-04-27 | CVE-2017-8308 | Avast | Improper Privilege Management vulnerability in Avast Antivirus In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. | 5.0 |
2017-04-27 | CVE-2017-8296 | KED Password Manager Project | Insufficiently Protected Credentials vulnerability in KED Password Manager Project KED Password Manager 0.5/1.0 kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. | 5.0 |
2017-04-27 | CVE-2017-8294 | Virustotal | Out-of-bounds Read vulnerability in Virustotal Yara 3.5.0 libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function. | 5.0 |
2017-04-27 | CVE-2017-7415 | Atlassian | Information Exposure vulnerability in Atlassian Confluence Server Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource. | 5.0 |
2017-04-26 | CVE-2017-6054 | Hyundaiusa | Use of Hard-coded Credentials vulnerability in Hyundaiusa Blue Link 3.9.4/3.9.5 A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. | 5.0 |
2017-04-25 | CVE-2017-8223 | Wificam | Improper Authentication vulnerability in Wificam Wireless IP Camera (P2P) Firmware On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0. | 5.0 |
2017-04-25 | CVE-2017-8222 | Wificam | Insufficiently Protected Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information. | 5.0 |
2017-04-25 | CVE-2017-8221 | Wificam | Missing Encryption of Sensitive Data vulnerability in Wificam Wireless IP Camera (P2P) Firmware Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2017-04-25 | CVE-2017-8217 | TP Link | Missing Authorization vulnerability in Tp-Link C20I Firmware and C2 Firmware TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. | 5.0 |
2017-04-25 | CVE-2017-8115 | Modx | Path Traversal vulnerability in Modx Revolution 2.5.7 Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information. | 5.0 |
2017-04-25 | CVE-2017-8057 | Joomla | Information Exposure vulnerability in Joomla Joomla! In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting. | 5.0 |
2017-04-25 | CVE-2017-7988 | Joomla | Security Bypass vulnerability in Joomla! In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article. | 5.0 |
2017-04-25 | CVE-2017-7983 | Joomla | Information Exposure vulnerability in Joomla Joomla! In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. | 5.0 |
2017-04-24 | CVE-2017-3621 | Oracle | Remote Security vulnerability in Oracle SUN ZFS Storage Appliance KIT Ak2013 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: IPC Frameworks). | 5.0 |
2017-04-24 | CVE-2017-3585 | Oracle | Remote Security vulnerability in Oracle SUN ZFS Storage Appliance KIT Ak2013 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface subsystem). | 5.0 |
2017-04-24 | CVE-2017-3572 | Oracle | Security vulnerability in Oracle Commerce Guided Search and Commerce Experience Manager Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce (subcomponent: MDEX). | 5.0 |
2017-04-24 | CVE-2017-3556 | Oracle | Information Exposure vulnerability in Oracle Application Object Library Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: File Management). | 5.0 |
2017-04-24 | CVE-2017-3555 | Oracle | Allocation of Resources Without Limits or Throttling vulnerability in Oracle Ireceivables Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: Self Registration). | 5.0 |
2017-04-24 | CVE-2017-3527 | Oracle | Information Exposure vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). | 5.0 |
2017-04-24 | CVE-2017-3518 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Base Platform 12.1.0/13.1.0/13.2.0 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). | 5.0 |
2017-04-24 | CVE-2017-3502 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise FIN Receivables 9.2 Vulnerability in the PeopleSoft Enterprise FIN Receivables component of Oracle PeopleSoft Products (subcomponent: Receivables). | 5.0 |
2017-04-24 | CVE-2017-3470 | Oracle | Remote Security vulnerability in Oracle Communications Security Gateway 3.0.0 Vulnerability in the Oracle Communications Security Gateway component of Oracle Communications Applications (subcomponent: Network). | 5.0 |
2017-04-24 | CVE-2017-3450 | Oracle | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). | 5.0 |
2017-04-24 | CVE-2017-3329 | Oracle Debian | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). | 5.0 |
2017-04-24 | CVE-2017-8104 | Mybb | Path Traversal vulnerability in Mybb In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. | 5.0 |
2017-04-24 | CVE-2017-1000361 | Opendaylight | Unspecified vulnerability in Opendaylight 3.3/4.0 DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. | 5.0 |
2017-04-24 | CVE-2017-1000360 | Opendaylight | NULL Pointer Dereference vulnerability in Opendaylight 3.3/4.0 StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. | 5.0 |
2017-04-24 | CVE-2017-1000359 | Opendaylight | Resource Exhaustion vulnerability in Opendaylight 3.3/4.0 Java out of memory error and significant increase in resource consumption. | 5.0 |
2017-04-24 | CVE-2017-1000357 | Opendaylight | Resource Exhaustion vulnerability in Opendaylight 3.3/4.0 Denial of Service attack when the switch rejects to receive packets from the controller. | 5.0 |
2017-04-24 | CVE-2017-2340 | Juniper | Improper Input Validation vulnerability in Juniper Junos 15.1/16.1 On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can result in a PFE (Packet Forwarding Engine) hang or crash. | 5.0 |
2017-04-24 | CVE-2017-2324 | Juniper | Command Injection vulnerability in Juniper Northstar Controller A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition. | 5.0 |
2017-04-24 | CVE-2017-2323 | Juniper | Denial of Service vulnerability in Juniper NorthStar Controller Application A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service. | 5.0 |
2017-04-24 | CVE-2017-2313 | Juniper | Improper Input Validation vulnerability in Juniper Junos Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. | 5.0 |
2017-04-24 | CVE-2015-1522 | BRO | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in BRO analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read) via a crafted DNP3 packet. | 5.0 |
2017-04-24 | CVE-2015-1521 | BRO | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in BRO analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read if NDEBUG; otherwise assertion failure) via a crafted DNP3 packet. | 5.0 |
2017-04-30 | CVE-2017-8339 | Watchguard | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Watchguard Panda Antivirus 18.0 PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver. | 4.9 |
2017-04-28 | CVE-2016-7815 | Cybozu | Improper Certificate Validation vulnerability in Cybozu Remote Service Manager Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. | 4.9 |
2017-04-24 | CVE-2017-8106 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer. | 4.9 |
2017-04-24 | CVE-2017-3619 | Oracle | Local Security vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 4.9 |
2017-04-24 | CVE-2017-3536 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise Peopletools 8.54/8.55 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). | 4.9 |
2017-04-24 | CVE-2017-3500 | Oracle | Remote Security vulnerability in Oracle Primavera Gateway Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). | 4.9 |
2017-04-24 | CVE-2017-3485 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 4.9 |
2017-04-24 | CVE-2017-3483 | Oracle | Local Security vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.0.0/12.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). | 4.9 |
2017-04-24 | CVE-2017-3482 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 4.9 |
2017-04-24 | CVE-2017-3477 | Oracle | Remote Security vulnerability in Oracle Flexcube Private Banking 12.0.0/12.1.0 Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). | 4.9 |
2017-04-24 | CVE-2017-3451 | Oracle | Remote Security vulnerability in Oracle Retail Open Commerce Platform Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Web). | 4.9 |
2017-04-24 | CVE-2017-3232 | Oracle | Local Security vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 4.9 |
2017-04-24 | CVE-2010-1776 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device. | 4.9 |
2017-04-24 | CVE-2017-2330 | Juniper | Excessive Iteration vulnerability in Juniper Northstar Controller A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted. | 4.9 |
2017-04-24 | CVE-2017-2327 | Juniper | Resource Exhaustion vulnerability in Juniper Northstar Controller A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of system resources leading to a cascading denial of services. | 4.9 |
2017-04-24 | CVE-2010-5329 | Linux | Resource Management Errors vulnerability in Linux Kernel The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which might allow local users to cause a denial of service (memory consumption) via a large value. | 4.9 |
2017-04-30 | CVE-2017-8367 | Ether Software | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ether Software products Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username. | 4.6 |
2017-04-28 | CVE-2017-6250 | Nvidia | Local Code Execution vulnerability in NVIDIA GeForce Experience NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution. | 4.6 |
2017-04-26 | CVE-2017-1170 | IBM | Local Session Hijacking vulnerability in IBM WebSphere Commerce IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. | 4.6 |
2017-04-26 | CVE-2017-7720 | Privatetunnel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Privatetunnel 2.7/2.8 Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password. | 4.6 |
2017-04-24 | CVE-2017-3620 | Oracle | Local Security vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 4.6 |
2017-04-24 | CVE-2017-3582 | Oracle | Local Security vulnerability in Oracle SuperCluster Specific Software 2.3.13/2.3.8 Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: Backup/Restore Utility). | 4.6 |
2017-04-24 | CVE-2017-3581 | Oracle | Local Security vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 4.6 |
2017-04-24 | CVE-2017-3578 | Oracle | Local Security vulnerability in Oracle SUN ZFS Storage Appliance KIT Software 2013 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). | 4.6 |
2017-04-24 | CVE-2017-3576 | Oracle | Local Security vulnerability in Oracle VM VirtualBox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.6 |
2017-04-24 | CVE-2017-3563 | Oracle | Improper Certificate Validation vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.6 |
2017-04-24 | CVE-2017-3561 | Oracle | Local Security vulnerability in Oracle VM VirtualBox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.6 |
2017-04-24 | CVE-2017-3558 | Oracle | Local Security vulnerability in Oracle VM VirtualBox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.6 |
2017-04-24 | CVE-2007-6761 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321. | 4.6 |
2017-04-24 | CVE-2017-3606 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 4.4 |
2017-04-24 | CVE-2017-3584 | Oracle | Local Security vulnerability in Oracle SUN ZFS Storage Appliance KIT Ak2013 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). | 4.4 |
2017-04-30 | CVE-2017-8365 | Libsndfile Project Debian | Out-of-bounds Read vulnerability in multiple products The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | 4.3 |
2017-04-30 | CVE-2017-8363 | Libsndfile Project Debian | Out-of-bounds Read vulnerability in multiple products The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | 4.3 |
2017-04-30 | CVE-2017-8362 | Libsndfile Project Debian | Out-of-bounds Read vulnerability in multiple products The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. | 4.3 |
2017-04-30 | CVE-2017-8357 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8356 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8355 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8354 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8353 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8352 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8351 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8350 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8349 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8348 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8347 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8346 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8345 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8344 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8343 | Imagemagick Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 4.3 |
2017-04-30 | CVE-2017-8342 | Radicale | Race Condition vulnerability in Radicale Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. | 4.3 |
2017-04-28 | CVE-2017-2151 | Booking Calendar Project | Cross-site Scripting vulnerability in Booking Calendar Project Booking Calendar Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2017-04-28 | CVE-2017-2147 | WP Statistics | Cross-site Scripting vulnerability in Wp-Statistics WP Statistics Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2017-04-28 | CVE-2017-2137 | Netgear | Unspecified vulnerability in Netgear Prosafe Plus Configuration Utility ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. | 4.3 |
2017-04-28 | CVE-2017-2136 | WP Statistics | Cross-site Scripting vulnerability in WP Statistics WP Statistics Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | 4.3 |
2017-04-28 | CVE-2017-2135 | WP Statistics | Cross-site Scripting vulnerability in Wp-Statistics WP Statistics Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2017-04-28 | CVE-2017-2134 | Uchida | Cross-site Scripting vulnerability in Uchida Assetbase 8.0 Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2017-04-28 | CVE-2017-2124 | Onethird | Cross-site Scripting vulnerability in Onethird CMS Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php. | 4.3 |
2017-04-28 | CVE-2017-2123 | Onethird | Cross-site Scripting vulnerability in Onethird CMS Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php. | 4.3 |
2017-04-28 | CVE-2017-2118 | Wbce | Cross-site Scripting vulnerability in Wbce CMS Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2017-04-28 | CVE-2017-2111 | Iodata | CRLF Injection vulnerability in Iodata products HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow remote attackers to display false information. | 4.3 |
2017-04-28 | CVE-2017-2110 | Nissan Securities | Improper Certificate Validation vulnerability in Nissan Securities Access CX The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 4.3 |
2017-04-28 | CVE-2017-2106 | Webmin | Cross-site Scripting vulnerability in Webmin Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2017-04-28 | CVE-2017-2105 | Presentcast INC | Information Exposure vulnerability in Presentcast INC Tver The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 4.3 |
2017-04-28 | CVE-2017-2104 | K Opticom Corporation | Information Exposure vulnerability in K-Opticom Corporation Business Lala Call The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 4.3 |
2017-04-28 | CVE-2017-2103 | K Opticom Corporation | Information Exposure vulnerability in K-Opticom Corporation Lala Call The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 4.3 |
2017-04-28 | CVE-2017-2093 | Cybozu | Information Exposure vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote attackers to obtain tokens used for CSRF protection via unspecified vectors. | 4.3 |
2017-04-28 | CVE-2016-7843 | Hibara Software | Path Traversal vulnerability in Hibara Software products Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via a specially crafted ATC file. | 4.3 |
2017-04-28 | CVE-2016-7842 | Hibara | Path Traversal vulnerability in Hibara Attachecase Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via a specially crafted ATC file. | 4.3 |
2017-04-28 | CVE-2016-7841 | Olive Design | Cross-site Scripting vulnerability in Olive Design Olive Diary DX Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
2017-04-28 | CVE-2016-7840 | Olive Design | Cross-site Scripting vulnerability in Olive Design Olive Blog Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter. | 4.3 |
2017-04-28 | CVE-2016-7839 | Olive Design | Cross-site Scripting vulnerability in Olive Design Olive Blog Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2017-04-27 | CVE-2017-3008 | Adobe | Cross-site Scripting vulnerability in Adobe Coldfusion 10.0/11.0/2016 Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability. | 4.3 |
2017-04-26 | CVE-2016-8962 | IBM | Credentials Management vulnerability in IBM Bigfix Inventory 9.0/9.2 IBM BigFix Inventory 9.2 does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 4.3 |
2017-04-26 | CVE-2016-8924 | IBM | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.1/7.5/7.6 IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. | 4.3 |
2017-04-26 | CVE-2017-6052 | Hyundaiusa | Multiple Security vulnerability in Hyundaiusa Blue Link 3.9.4/3.9.5 A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. | 4.3 |
2017-04-25 | CVE-2017-7987 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component. | 4.3 |
2017-04-25 | CVE-2017-7986 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components. | 4.3 |
2017-04-25 | CVE-2017-7985 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. | 4.3 |
2017-04-25 | CVE-2017-7984 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component. | 4.3 |
2017-04-25 | CVE-2016-8030 | Mcafee | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee Virusscan Enterprise 8.8 A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link. | 4.3 |
2017-04-24 | CVE-2017-5046 | Google Redhat Debian | V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure. | 4.3 |
2017-04-24 | CVE-2017-5041 | Google | Improper Input Validation vulnerability in Google Chrome Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page. | 4.3 |
2017-04-24 | CVE-2017-5040 | Google Debian Redhat | V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page. | 4.3 |
2017-04-24 | CVE-2017-5033 | Google Debian Redhat | Improper Preservation of Permissions vulnerability in multiple products Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword. | 4.3 |
2017-04-24 | CVE-2017-3559 | Oracle | Local Security vulnerability in Oracle VM VirtualBox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.3 |
2017-04-24 | CVE-2017-3544 | Oracle Redhat Debian | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). | 4.3 |
2017-04-24 | CVE-2017-3535 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 4.3 |
2017-04-24 | CVE-2017-3533 | Oracle Redhat Debian | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). | 4.3 |
2017-04-24 | CVE-2017-3495 | Oracle | Remote Security vulnerability in Oracle Flexcube Direct Banking 12.0.2/12.0.3 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Pre-Login). | 4.3 |
2017-04-24 | CVE-2017-3494 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Retail Teller). | 4.3 |
2017-04-24 | CVE-2017-3480 | Oracle | Remote Security vulnerability in Oracle Flexcube Universal Banking 11.3.0/11.4.0/12.0.1 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 4.3 |
2017-04-24 | CVE-2017-3471 | Oracle | Remote Security vulnerability in Oracle Flexcube Private Banking 12.0.0/12.1.0 Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). | 4.3 |
2017-04-24 | CVE-2017-3469 | Oracle | Remote Security vulnerability in Oracle MySQL Workbench Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security : Encryption). | 4.3 |
2017-04-24 | CVE-2017-3467 | Oracle | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). | 4.3 |
2017-04-24 | CVE-2016-5016 | Pivotal Software | Improper Certificate Validation vulnerability in Pivotal Software products Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 do not validate whether a certificate has expired. | 4.3 |
2017-04-24 | CVE-2017-8103 | Mybb | Cross-site Scripting vulnerability in Mybb In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event. | 4.3 |
2017-04-24 | CVE-2017-8100 | Artistscope | Cross-Site Request Forgery (CSRF) vulnerability in Artistscope Copysafe web Protection There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. | 4.3 |
2017-04-24 | CVE-2017-8098 | E107 | Cross-Site Request Forgery (CSRF) vulnerability in E107 2.1.4 e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. | 4.3 |
2017-04-24 | CVE-2017-7723 | WP Ecommerce | Cross-site Scripting vulnerability in Wp-Ecommerce Easy WP Smtp XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body. | 4.3 |
2017-04-24 | CVE-2016-3076 | Python | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Python Pillow Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. | 4.3 |
2017-04-24 | CVE-2017-2334 | Juniper | Information Exposure vulnerability in Juniper Northstar Controller An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system. | 4.3 |
2017-04-24 | CVE-2017-8085 | Exponentcms | Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.3.0/2.3.1 In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. | 4.3 |
2017-04-24 | CVE-2017-7944 | Xoops | Cross-site Scripting vulnerability in Xoops 2.5.8.1 XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php. | 4.3 |
2017-04-24 | CVE-2017-8082 | Concretecms | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS 8.1.0 concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. | 4.3 |
2017-04-24 | CVE-2010-5321 | Linux | Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. | 4.3 |
2017-04-24 | CVE-2017-3565 | Oracle | Local Security vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). | 4.1 |
2017-04-30 | CVE-2017-8371 | Schneider Electric | Insufficiently Protected Credentials vulnerability in Schneider-Electric Struxureware Data Center Expert 7.3.1 Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 4.0 |
2017-04-29 | CVE-2017-7644 | Paloaltonetworks | Information Exposure vulnerability in Paloaltonetworks Pan-Os The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541. | 4.0 |
2017-04-28 | CVE-2017-1141 | IBM | Information Exposure vulnerability in IBM Insights Foundation FOR Energy 1.0/1.5/1.6 IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. | 4.0 |
2017-04-28 | CVE-2017-2117 | Cubecart | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows an attacker with administrator rights to read arbitrary files via unspecified vectors. | 4.0 |
2017-04-28 | CVE-2017-2116 | Cybozu | Unspecified vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. | 4.0 |
2017-04-28 | CVE-2017-2115 | Cybozu | Incorrect Permission Assignment for Critical Resource vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. | 4.0 |
2017-04-28 | CVE-2017-2098 | Cubecart | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 4.0 |
2017-04-28 | CVE-2017-2095 | Cybozu | Unspecified vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. | 4.0 |
2017-04-28 | CVE-2017-2094 | Cybozu | Improper Privilege Management vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. | 4.0 |
2017-04-28 | CVE-2017-2091 | Cybozu | Multiple Security vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. | 4.0 |
2017-04-28 | CVE-2017-2090 | Cubecart | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 4.0 |
2017-04-25 | CVE-2017-8219 | TP Link | Improper Input Validation vulnerability in Tp-Link C20I Firmware and C2 Firmware TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow a denial of service of the HTTP server via a crafted Cookie header sent to the /cgi/ansi URI. | 4.0 |
2017-04-25 | CVE-2017-7989 | Joomla | Unrestricted Upload of File with Dangerous Type vulnerability in Joomla Joomla! In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. | 4.0 |
2017-04-24 | CVE-2017-3560 | Oracle | Information Exposure vulnerability in Oracle Hospitality Opera 5 Property Services Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OXI Interface). | 4.0 |
2017-04-24 | CVE-2017-3509 | Oracle | Remote Security vulnerability in Oracle JDK and JRE Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). | 4.0 |
2017-04-24 | CVE-2017-3491 | Oracle | Remote Security vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.0.1/12.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). | 4.0 |
2017-04-24 | CVE-2017-3488 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). | 4.0 |
2017-04-24 | CVE-2017-3481 | Oracle | Remote Security vulnerability in Oracle Flexcube Universal Banking 11.3.0/11.4.0/12.0.1 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 4.0 |
2017-04-24 | CVE-2017-3475 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Private Banking Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). | 4.0 |
2017-04-24 | CVE-2017-3473 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Private Banking Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). | 4.0 |
2017-04-24 | CVE-2017-3465 | Oracle | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). | 4.0 |
2017-04-24 | CVE-2017-3464 | Oracle Debian Redhat Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 4.0 |
2017-04-24 | CVE-2017-3463 | Oracle Debian | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). | 4.0 |
2017-04-24 | CVE-2017-3462 | Oracle Debian | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). | 4.0 |
2017-04-24 | CVE-2017-3461 | Oracle Debian | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). | 4.0 |
2017-04-24 | CVE-2017-3460 | Oracle | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). | 4.0 |
2017-04-24 | CVE-2017-3459 | Oracle | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 4.0 |
2017-04-24 | CVE-2017-3458 | Oracle | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 4.0 |
2017-04-24 | CVE-2017-3457 | Oracle | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 4.0 |
2017-04-24 | CVE-2017-3456 | Oracle Debian Mariadb Redhat | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 4.0 |
2017-04-24 | CVE-2017-3453 | Oracle Debian Mariadb Redhat | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 4.0 |
2017-04-24 | CVE-2017-3452 | Oracle | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 4.0 |
2017-04-24 | CVE-2017-3331 | Oracle | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 4.0 |
2017-04-24 | CVE-2017-3309 | Oracle Debian Mariadb Redhat | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 4.0 |
2017-04-24 | CVE-2017-3308 | Oracle Debian Mariadb Redhat | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 4.0 |
2017-04-24 | CVE-2016-3114 | Kallithea | Permissions, Privileges, and Access Controls vulnerability in Kallithea 0.3.1 Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access. | 4.0 |
2017-04-24 | CVE-2017-1000358 | Opendaylight | NULL Pointer Dereference vulnerability in Opendaylight 4.0 The controller throws an exception and does not allow the user to add a subsequent flow for a particular switch. | 4.0 |
2017-04-24 | CVE-2017-2333 | Juniper | Resource Exhaustion vulnerability in Juniper Northstar Controller A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by visiting certain specific URLs on the server. | 4.0 |
2017-04-24 | CVE-2017-2325 | Juniper | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Northstar Controller A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. | 4.0 |
2017-04-24 | CVE-2017-2318 | Juniper | Information Exposure vulnerability in Juniper Northstar Controller A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges. | 4.0 |
2017-04-24 | CVE-2015-0107 | IBM | Path Traversal vulnerability in IBM products IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors. | 4.0 |
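Several rows above are directory traversal bugs in archive handling or file access (CVE-2016-7842 and CVE-2016-7843, where a crafted ATC file lets AttacheCase write or read outside its target directory; the CubeCart and IBM Maximo rows are the same weakness class). The check below is an added illustration, not AttacheCase, CubeCart or IBM code: it does not parse the ATC format, it uses a tar archive as a stand-in container, and the entry names, the `is_safe_member` and `safe_extract` helpers and the sample archive are all constructed for the example. The point it shows is that the entry name must be resolved against the destination directory and rejected if it escapes, before anything is written.

```python
import io
import os
import posixpath
import tarfile
import tempfile


def is_safe_member(base_dir: str, member_name: str) -> bool:
    """True only if member_name, joined onto base_dir, stays inside base_dir.

    Rejects absolute paths, drive-letter prefixes, and any '..' that escapes.
    Backslashes are normalized first so a Windows-style traversal entry is
    also caught when checked on a POSIX host.
    """
    name = member_name.replace("\\", "/")
    if not name or posixpath.isabs(name):
        return False
    if len(name) > 1 and name[1] == ":":  # e.g. C:/... or C:\...
        return False
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, *name.split("/")))
    # commonpath collapses '..' and symlinked prefixes before comparing.
    return os.path.commonpath([base, target]) == base


def build_sample_archive() -> bytes:
    """Constructed sample archive (tar, not a real ATC file): one benign
    entry and one traversal entry that tries to land two levels up."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [("docs/readme.txt", b"hello"),
                           ("../../escape.txt", b"owned")]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def safe_extract(archive: bytes, dest: str):
    """Extract regular-file members that pass is_safe_member.

    Returns (extracted_names, rejected_names). Symlinks, devices and
    directories are rejected too; a symlink member could otherwise redirect
    a later write outside dest even when its own name looks harmless.
    """
    extracted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            if not member.isfile() or not is_safe_member(dest, member.name):
                rejected.append(member.name)
                continue
            parts = member.name.replace("\\", "/").split("/")
            out_path = os.path.join(dest, *parts)
            os.makedirs(os.path.dirname(out_path), exist_ok=True)
            with tar.extractfile(member) as src, open(out_path, "wb") as dst:
                dst.write(src.read())
            extracted.append(member.name)
    return extracted, rejected


def demo():
    """Extract the constructed archive into a fresh temp dir and report
    (extracted, rejected, contents of the benign file)."""
    dest = tempfile.mkdtemp(prefix="safe-extract-")
    extracted, rejected = safe_extract(build_sample_archive(), dest)
    with open(os.path.join(dest, "docs", "readme.txt"), "rb") as f:
        content = f.read()
    return extracted, rejected, content


if __name__ == "__main__":
    print(demo())
```

The check is done on the resolved path rather than by scanning for `..`, because `a/../../x`, backslash separators and absolute names all evade a naive substring test; `os.path.realpath` also follows existing symlinks under the destination, which is why the comparison is made after resolution rather than before.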
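The Radicale row (CVE-2017-8342) describes two weaknesses in one authentication backend: a timing oracle and no resistance to simple brute force against htpasswd logins. The code below is an added example and is not Radicale's own implementation; it assumes the Apache htpasswd `{SHA}` entry format (base64 of the raw SHA-1 digest), a constructed two-user htpasswd file, and helper names (`naive_equals`, `verify_sha_password`, `check_login`) chosen for the illustration. `naive_equals` returns how many bytes it examined before stopping, which is exactly the quantity a timing attacker measures; the fixed path uses `hmac.compare_digest` and adds a per-user failure counter.

```python
import base64
import hashlib
import hmac


def naive_equals(a: bytes, b: bytes):
    """Early-exit comparison of the kind that creates a timing oracle.

    Returns (equal, bytes_examined). The second value grows with the length
    of the correctly guessed prefix, so an attacker timing responses can
    recover the secret one byte at a time. Shown here only to make the leak
    visible; never use it on secrets.
    """
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return len(a) == len(b), examined


def sha_htpasswd_hash(password: str) -> str:
    """Produce an Apache htpasswd '{SHA}' entry for the given password."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def parse_htpasswd(text: str) -> dict:
    """Parse 'user:hash' lines; blank lines and '#' comments are skipped."""
    creds = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, stored = line.partition(":")
        creds[user] = stored
    return creds


def verify_sha_password(stored: str, password: str) -> bool:
    """Constant-time check of a '{SHA}' htpasswd entry."""
    if not stored.startswith("{SHA}"):
        return False
    expected = base64.b64decode(stored[len("{SHA}"):])
    candidate = hashlib.sha1(password.encode("utf-8")).digest()
    # compare_digest runs in time independent of where the inputs differ.
    return hmac.compare_digest(expected, candidate)


# Constructed sample file, not taken from any real deployment.
SAMPLE_HTPASSWD = (
    "# constructed sample\n"
    "alice:" + sha_htpasswd_hash("correct horse battery staple") + "\n"
    "bob:" + sha_htpasswd_hash("hunter2") + "\n"
)

# Hash compared for unknown users so a missing account costs the same time
# as a wrong password (avoids a user-enumeration timing oracle).
DUMMY_HASH = sha_htpasswd_hash("dummy-value-never-accepted")


def check_login(creds: dict, attempts: dict, user: str, password: str,
                limit: int = 5) -> bool:
    """Verify a login; refuse once `limit` failures have been recorded.

    `attempts` is the caller's per-user failure counter (in-memory here).
    """
    if attempts.get(user, 0) >= limit:
        return False
    stored = creds.get(user, DUMMY_HASH)
    ok = verify_sha_password(stored, password) and user in creds
    if not ok:
        attempts[user] = attempts.get(user, 0) + 1
    return ok


if __name__ == "__main__":
    print(naive_equals(b"secret", b"secxet"))  # mismatch found only at byte 4
    creds = parse_htpasswd(SAMPLE_HTPASSWD)
    print(check_login(creds, {}, "bob", "hunter2"))
```

Two caveats a deployment would add: the failure counter should live in shared storage with an expiry rather than process memory, and a per-user lockout is itself a denial-of-service lever, so rate limiting by source address or an increasing delay is usually preferred over a hard cap.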
52 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-04-24 | CVE-2017-3617 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2017-04-24 | CVE-2017-3616 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2017-04-24 | CVE-2017-3615 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2017-04-24 | CVE-2017-3614 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2017-04-24 | CVE-2017-3613 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2017-04-24 | CVE-2017-3612 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2017-04-24 | CVE-2017-3611 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2017-04-24 | CVE-2017-3610 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2017-04-24 | CVE-2017-3609 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2017-04-24 | CVE-2017-3608 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2017-04-24 | CVE-2017-3607 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2017-04-24 | CVE-2017-3605 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2017-04-24 | CVE-2017-3604 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2017-04-24 | CVE-2017-3568 | Oracle | Local Security vulnerability in Oracle Hospitality OPERA 5 Property Services Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Printing and Login). | 3.7 |
2017-04-24 | CVE-2017-3511 | Oracle | Local Security vulnerability in Oracle Jdk, JRE and Jrockit Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). | 3.7 |
2017-04-24 | CVE-2017-3486 | Oracle | Local Security vulnerability in Oracle SQL Plus 11.2.0.4/12.1.0.2 Vulnerability in the SQL*Plus component of Oracle Database Server. | 3.7 |
2017-04-24 | CVE-2017-3618 | Oracle | Local Security vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 3.6 |
2017-04-24 | CVE-2017-3587 | Oracle | Double Free Local Memory Corruption vulnerability in Oracle VM VirtualBox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). | 3.6 |
2017-04-24 | CVE-2017-3575 | Oracle | Local Security vulnerability in Oracle VM VirtualBox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 3.6 |
2017-04-24 | CVE-2017-3505 | Oracle | Local Security vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 3.6 |
2017-04-24 | CVE-2017-3504 | Oracle | Local Security vulnerability in Oracle Automatic Service Request Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | 3.6 |
2017-04-24 | CVE-2017-3307 | Oracle | Remote Security vulnerability in Oracle MySQL Enterprise Monitor Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). | 3.6 |
2017-04-28 | CVE-2017-2148 | Iodata | Cross-site Scripting vulnerability in Iodata Wn-Ac1167Gr Firmware Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2017-04-28 | CVE-2017-2114 | Cybozu | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2017-04-28 | CVE-2017-2092 | Cybozu | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2017-04-27 | CVE-2017-8302 | Blueriver | Cross-site Scripting vulnerability in Blueriver Muracms 7.0.6967 Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm. | 3.5 |
2017-04-27 | CVE-2017-8298 | Cnvs | Cross-site Scripting vulnerability in Cnvs Canvas 3.3.0 cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users. | 3.5 |
2017-04-24 | CVE-2017-3603 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). | 3.5 |
2017-04-24 | CVE-2017-3598 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). | 3.5 |
2017-04-24 | CVE-2017-3567 | Oracle | Remote Security vulnerability in Oracle Database 11.2.0.4/12.1.0.2 Vulnerability in the OJVM component of Oracle Database Server. | 3.5 |
2017-04-24 | CVE-2017-3552 | Oracle | Information Exposure vulnerability in Oracle Hospitality Opera 5 Property Services Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Room Image/Picture Setup). | 3.5 |
2017-04-24 | CVE-2017-3490 | Oracle | Remote Security vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.0.0/12.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). | 3.5 |
2017-04-24 | CVE-2017-3487 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). | 3.5 |
2017-04-24 | CVE-2017-3468 | Oracle | Remote Security vulnerability in Oracle MySQL Server Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). | 3.5 |
2017-04-24 | CVE-2017-8102 | S9Y | Cross-site Scripting vulnerability in S9Y Serendipity 2.1 Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. | 3.5 |
2017-04-28 | CVE-2017-2109 | Cybozu | Information Exposure vulnerability in Cybozu Kunai 3.0.4/3.0.5/3.0.5.1 Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application. | 2.6 |
2017-04-27 | CVE-2017-8301 | Openbsd | Improper Certificate Validation vulnerability in Openbsd Libressl 2.5.1/2.5.2/2.5.3 LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx. | 2.6 |
2017-04-24 | CVE-2017-3626 | Oracle | Remote Security vulnerability in Oracle Glassfish Server 3.1.2 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). | 2.6 |
2017-04-25 | CVE-2017-8109 | Saltstack | Information Exposure vulnerability in Saltstack Salt The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients). | 2.1 |
2017-04-25 | CVE-2017-5625 | Oneplus | NULL Pointer Dereference vulnerability in Oneplus Oxygenos In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command. | 2.1 |
2017-04-24 | CVE-2017-3590 | Oracle | Local Security vulnerability in Oracle MySQL Connectors Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). | 2.1 |
2017-04-24 | CVE-2017-3589 | Oracle | Local Security vulnerability in Oracle Connector/J 5.1.40 Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). | 2.1 |
2017-04-24 | CVE-2017-3539 | Oracle Redhat Debian | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). | 2.1 |
2017-04-24 | CVE-2017-3498 | Oracle | Information Exposure vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | 2.1 |
2017-04-24 | CVE-2017-3474 | Oracle | Local Security vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zone). | 2.1 |
2017-04-24 | CVE-2017-2322 | Juniper | Resource Exhaustion vulnerability in Juniper Northstar Controller A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services. | 2.1 |
2017-04-24 | CVE-2017-2329 | Juniper | Improper Authentication vulnerability in Juniper Northstar Controller An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated user to execute certain specific unprivileged system files capable of causing widespread denials of system services. | 2.1 |
2017-04-24 | CVE-2017-2328 | Juniper | Information Exposure vulnerability in Juniper Northstar Controller An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated user to elevate their permissions by reading unprivileged information stored in the NorthStar controller. | 2.1 |
2017-04-24 | CVE-2017-2316 | Juniper | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Northstar Controller A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. | 2.1 |
2017-04-24 | CVE-2014-9680 | Sudo Project | Information Exposure vulnerability in Sudo Project Sudo sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within a sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. | 2.1 |
2017-04-24 | CVE-2017-3513 | Oracle | Local Security vulnerability in Oracle VM VirtualBox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 1.9 |
2017-04-24 | CVE-2016-5551 | Oracle | Improper Access Control vulnerability in Oracle Solaris Cluster 4.3 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). | 1.9 |
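The sudo entry above (CVE-2014-9680) is the one row in this table whose root cause is a plain environment-sanitisation mistake: tzcode treats a TZ value that begins with ':' or '/' as a file path, and resolves bare zone names under the zoneinfo directory, so a privileged program that passes TZ through unchecked lets its caller make it open an arbitrary file. The following is an added example, not sudo's own code, of the kind of check a privileged program can apply to TZ before keeping it in the environment. It assumes the zoneinfo tree lives at /usr/share/zoneinfo (an assumption; the location is distribution-dependent) and the sample values in main are constructed for illustration.

```c
/*
 * Added example (not sudo's code): validate a TZ environment value before a
 * privileged program inherits it.  tzcode opens TZ as a file when it begins
 * with ':' or '/', and resolves relative names under the zoneinfo directory,
 * so an unchecked value lets a caller make the privileged process open an
 * arbitrary file (terminals, /dev/kmsg, tape devices, ...).
 */
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Assumed location of the system zoneinfo tree (distribution-dependent). */
#define ZONEINFO_DIR "/usr/share/zoneinfo"

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/*
 * Return 1 if tzval is safe to pass through, 0 otherwise.  Accepts POSIX TZ
 * strings ("UTC", "EST5EDT") and zone names relative to the zoneinfo tree
 * ("Europe/Paris").  Absolute paths must be descendants of ZONEINFO_DIR.
 * No ".." path component, whitespace or non-printable byte is allowed
 * anywhere, and over-long values are rejected.
 */
int tz_is_sane(const char *tzval)
{
    const char *cp;
    char lastch;

    if (tzval == NULL)
        return 0;

    /* tzcode treats a leading ':' as "the rest is a path". */
    if (tzval[0] == ':')
        tzval++;

    /* Absolute path: must sit inside ZONEINFO_DIR, not merely share a prefix. */
    if (tzval[0] == '/') {
        size_t dirlen = strlen(ZONEINFO_DIR);
        if (strncmp(tzval, ZONEINFO_DIR, dirlen) != 0 || tzval[dirlen] != '/')
            return 0;
    }

    /* Printable, no whitespace, and no ".." component after any '/'. */
    lastch = '/';
    for (cp = tzval; *cp != '\0'; cp++) {
        unsigned char c = (unsigned char)*cp;
        if (isspace(c) || !isprint(c))
            return 0;
        if (lastch == '/' && cp[0] == '.' && cp[1] == '.' &&
            (cp[2] == '/' || cp[2] == '\0'))
            return 0;
        lastch = *cp;
    }

    /* Reject over-long values even when they are not paths. */
    if ((size_t)(cp - tzval) >= PATH_MAX)
        return 0;

    return 1;
}

int main(void)
{
    /* Constructed sample values; the last four are the attacker-controlled kind. */
    const char *samples[] = {
        "UTC",
        "America/New_York",
        ":" ZONEINFO_DIR "/Europe/Paris",
        "/etc/shadow",
        ":/dev/kmsg",
        "../../../dev/st0",
        ZONEINFO_DIR "/../../../etc/shadow",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s %s\n", samples[i],
               tz_is_sane(samples[i]) ? "ok" : "rejected");
    return 0;
}
```

The prefix check deliberately requires the '/' immediately after the zoneinfo directory name, so a sibling directory such as /usr/share/zoneinfoX cannot pass, and the ".." scan runs on absolute paths too, so a value that starts inside the zoneinfo tree cannot climb back out of it.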