Weekly Vulnerabilities Reports > May 15 to 21, 2017
Overview
183 new vulnerabilities were reported during this period, including 24 critical vulnerabilities and 54 high severity vulnerabilities. This weekly summary reports vulnerabilities in 164 products from 89 vendors including Google, Debian, Cisco, Mcafee, and GNU. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", "Out-of-bounds Read", and "Cross-site Scripting".
- 150 reported vulnerabilities are remotely exploitable.
- 21 reported vulnerabilities have a public exploit available.
- 39 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 151 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 21 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 15 reported vulnerabilities.
Vulnerability Details
The following tables list reported vulnerabilities for the period covered by this report:
24 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-05-19 | CVE-2017-5173 | Geutebrueck | OS Command Injection vulnerability in Geutebrueck IP Camera G-Cam Efd-2250 Firmware 1.11.0.12 An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. | 10.0 |
2017-05-18 | CVE-2017-6622 | Cisco | Missing Authorization vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. | 10.0 |
2017-05-16 | CVE-2017-6079 | Ribboncommunications | Unspecified vulnerability in Ribboncommunications Edgemarc Firmware The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. | 10.0 |
2017-05-16 | CVE-2016-10372 | EIR | Permissions, Privileges, and Access Controls vulnerability in EIR D1000 Modem Firmware The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature. | 10.0 |
2017-05-15 | CVE-2017-7213 | Zohocorp | Improper Input Validation vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. | 10.0 |
2017-05-18 | CVE-2017-9058 | Ytnef Project Canonical | Out-of-bounds Read vulnerability in multiple products In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. | 9.8 |
2017-05-16 | CVE-2016-10239 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur. | 9.3 |
2017-05-16 | CVE-2016-10238 | Google | Permissions, Privileges, and Access Controls vulnerability in Google Android In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue. | 9.3 |
2017-05-16 | CVE-2016-10237 | Google | Improper Access Control vulnerability in Google Android If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory. | 9.3 |
2017-05-16 | CVE-2015-9003 | Google | Cryptographic Issues vulnerability in Google Android In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel. | 9.3 |
2017-05-16 | CVE-2015-9002 | Google | Numeric Errors vulnerability in Google Android In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. | 9.3 |
2017-05-16 | CVE-2015-9000 | Google | NULL Pointer Dereference vulnerability in Google Android In TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. | 9.3 |
2017-05-16 | CVE-2015-8999 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file. | 9.3 |
2017-05-16 | CVE-2015-8998 | Google | Integer Overflow or Wraparound vulnerability in Google Android In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. | 9.3 |
2017-05-16 | CVE-2015-8995 | Google | Integer Overflow or Wraparound vulnerability in Google Android In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. | 9.3 |
2017-05-16 | CVE-2014-9937 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. | 9.3 |
2017-05-16 | CVE-2014-9935 | Google | Integer Overflow or Wraparound vulnerability in Google Android In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. | 9.3 |
2017-05-16 | CVE-2014-9934 | Google | Improper Verification of Cryptographic Signature vulnerability in Google Android A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. | 9.3 |
2017-05-16 | CVE-2014-9933 | Google | Improper Input Validation vulnerability in Google Android Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. | 9.3 |
2017-05-16 | CVE-2014-9932 | Google | Integer Overflow or Wraparound vulnerability in Google Android In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation. | 9.3 |
2017-05-16 | CVE-2014-9931 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value. | 9.3 |
2017-05-21 | CVE-2017-9135 | Mimosa | Injection vulnerability in Mimosa Backhaul Radios and Client Radios An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. | 9.0 |
2017-05-21 | CVE-2017-9133 | Mimosa | Injection vulnerability in Mimosa Backhaul Radios and Client Radios An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. | 9.0 |
2017-05-19 | CVE-2017-6048 | Satel Iberia | Command Injection vulnerability in Satel-Iberia products A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. | 9.0 |
54 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-05-16 | CVE-2017-7662 | Apache | Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. | 8.8 |
2017-05-16 | CVE-2017-7661 | Apache | Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. | 8.8 |
2017-05-19 | CVE-2017-9078 | Dropbear SSH Project Debian Netapp | Double Free vulnerability in multiple products The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. | 8.5 |
2017-05-21 | CVE-2017-9100 | Dlink | Improper Authentication vulnerability in Dlink Dir-600M Firmware 3.04 login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. | 8.3 |
2017-05-16 | CVE-2017-3882 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. | 8.3 |
2017-05-16 | CVE-2017-3873 | Cisco | Improper Input Validation vulnerability in Cisco Aironet Access Point Firmware 8.3102.0 A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. | 7.9 |
2017-05-21 | CVE-2017-9136 | Mimosa | Incorrect Permission Assignment for Critical Resource vulnerability in Mimosa Backhaul Radios and Client Radios An issue was discovered on Mimosa Client Radios before 2.2.3. | 7.8 |
2017-05-19 | CVE-2017-9077 | Linux | Unspecified vulnerability in Linux Kernel The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | 7.8 |
2017-05-19 | CVE-2017-9076 | Linux Debian | The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | 7.8 |
2017-05-19 | CVE-2017-9075 | Linux Debian | The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | 7.8 |
2017-05-19 | CVE-2017-9074 | Linux | Out-of-bounds Read vulnerability in Linux Kernel The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. | 7.8 |
2017-05-19 | CVE-2017-7935 | Phoenix Contact Gmbh | Resource Exhaustion vulnerability in Phoenix Contact Gmbh Mguard Firmware A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. | 7.8 |
2017-05-18 | CVE-2017-8338 | Mikrotik | Resource Exhaustion vulnerability in Mikrotik Routeros 6.38.5 A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically. | 7.8 |
2017-05-18 | CVE-2017-9043 | GNU | Improper Input Validation vulnerability in GNU Binutils 2.28 readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. | 7.8 |
2017-05-18 | CVE-2017-9042 | GNU | Incorrect Type Conversion or Cast vulnerability in GNU Binutils 2.28 readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. | 7.8 |
2017-05-16 | CVE-2017-3876 | Cisco | Denial of Service vulnerability in Cisco IOS XR Software A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. | 7.8 |
2017-05-21 | CVE-2017-9138 | Tendacn | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tendacn F1200 Firmware, F1202 Firmware and Fh1202 Firmware There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). | 7.7 |
2017-05-16 | CVE-2016-10242 | Google | Race Condition vulnerability in Google Android A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel. | 7.6 |
2017-05-16 | CVE-2015-8997 | Google | Race Condition vulnerability in Google Android In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel. | 7.6 |
2017-05-16 | CVE-2015-8996 | Google | Race Condition vulnerability in Google Android In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. | 7.6 |
2017-05-16 | CVE-2014-9936 | Google | Race Condition vulnerability in Google Android In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel. | 7.6 |
2017-05-21 | CVE-2017-9137 | Ceragon | Insecure Default Initialization of Resource vulnerability in Ceragon Fiberair Ip-10 Firmware Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). | 7.5 |
2017-05-21 | CVE-2017-9119 | PHP Netapp | Resource Exhaustion vulnerability in multiple products The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. | 7.5 |
2017-05-21 | CVE-2017-9117 | Libtiff Canonical | Out-of-bounds Read vulnerability in multiple products In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff. | 7.5 |
2017-05-21 | CVE-2017-9101 | Playsms | Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4 import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. | 7.5 |
2017-05-19 | CVE-2017-7504 | Redhat | Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data. | 7.5 |
2017-05-19 | CVE-2017-6027 | Codesys | Unrestricted Upload of File with Dangerous Type vulnerability in Codesys web Server An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. | 7.5 |
2017-05-19 | CVE-2017-6025 | Codesys | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys web Server A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. | 7.5 |
2017-05-19 | CVE-2017-5174 | Geutebruck | Remote Code Execution vulnerability in Geutebruck IP Camera G-Cam Efd-2250 Firmware 1.11.0.12 An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. | 7.5 |
2017-05-18 | CVE-2017-7503 | Redhat | XXE vulnerability in Redhat Jboss Enterprise Application Platform 7.0.5 It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. | 7.5 |
2017-05-18 | CVE-2017-9055 | Libdwarf Project | Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf 20170321 An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. | 7.5 |
2017-05-18 | CVE-2017-9054 | Libdwarf Project | Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf 20170321 An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. | 7.5 |
2017-05-18 | CVE-2017-9052 | Libdwarf Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libdwarf Project Libdwarf 20170321 An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. | 7.5 |
2017-05-18 | CVE-2017-9051 | Libav | NULL Pointer Dereference vulnerability in Libav libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c. | 7.5 |
2017-05-18 | CVE-2017-9050 | Xmlsoft | Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. | 7.5 |
2017-05-18 | CVE-2017-9049 | Xmlsoft | Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. | 7.5 |
2017-05-18 | CVE-2017-9048 | Xmlsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. | 7.5 |
2017-05-18 | CVE-2017-9047 | Xmlsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.9.4 A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. | 7.5 |
2017-05-18 | CVE-2017-6195 | Ipswitch | SQL Injection vulnerability in Ipswitch Moveit DMZ and Moveit Transfer 2017 Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. | 7.5 |
2017-05-17 | CVE-2017-8917 | Joomla | SQL Injection vulnerability in Joomla Joomla! 3.7.0 SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2017-05-17 | CVE-2017-9031 | Deluge Torrent | Path Traversal vulnerability in Deluge-Torrent Deluge 1.3.14 The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. | 7.5 |
2017-05-17 | CVE-2017-5215 | Codextrous | Improper Input Validation vulnerability in Codextrous B2J Contact The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution. | 7.5 |
2017-05-17 | CVE-2017-9026 | Hootoo | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hootoo Trip Mate 6 Firmware Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted fname parameter of a GET request. | 7.5 |
2017-05-16 | CVE-2017-6886 | Libraw | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libraw An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. | 7.5 |
2017-05-16 | CVE-2017-6885 | Flexerasoftware | Unspecified vulnerability in Flexerasoftware Flexnet Manager Suite An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges. | 7.5 |
2017-05-15 | CVE-2017-6890 | Libraw | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libraw Libraw-Demosaic-Pack-Gpl2 A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow. | 7.5 |
2017-05-15 | CVE-2017-6889 | Libraw | Integer Overflow or Wraparound vulnerability in Libraw Libraw-Demosaic-Pack-Gpl2 An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow. | 7.5 |
2017-05-15 | CVE-2017-0252 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. | 7.5 |
2017-05-15 | CVE-2017-0223 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. | 7.5 |
2017-05-15 | CVE-2016-8741 | Apache | Information Exposure vulnerability in Apache Qpid Broker-J The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. | 7.5 |
2017-05-19 | CVE-2017-7968 | Schneider Electric | Incorrect Default Permissions vulnerability in Schneider-Electric Wonderware Indusoft web Studio An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. | 7.2 |
2017-05-18 | CVE-2017-6623 | Cisco | Improper Privilege Management vulnerability in Cisco Policy Suite 10.0.0/10.1.0/11.0.0 A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. | 7.2 |
2017-05-17 | CVE-2017-8849 | Smb4K Project Debian | Improper Input Validation vulnerability in multiple products smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. | 7.2 |
2017-05-17 | CVE-2017-8422 | KDE | Authentication Bypass by Spoofing vulnerability in KDE Kauth and Kdelibs KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. | 7.2 |
96 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-05-21 | CVE-2017-9115 | Openexr | Unspecified vulnerability in Openexr 2.2.0 In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. | 6.8 |
2017-05-21 | CVE-2017-9111 | Openexr | Unspecified vulnerability in Openexr 2.2.0 In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. | 6.8 |
2017-05-18 | CVE-2017-9064 | Wordpress Debian | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. | 6.8 |
2017-05-17 | CVE-2016-3403 | Zimbra Synacor | Cross-Site Request Forgery (CSRF) vulnerability in Synacor Zimbra Collaboration Suite Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899. | 6.8 |
2017-05-16 | CVE-2017-6887 | Libraw | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libraw A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. | 6.8 |
2017-05-15 | CVE-2017-8927 | Cgmlarson | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cgmlarson Vizex Reader 9.7.5 Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file. | 6.8 |
2017-05-15 | CVE-2017-8926 | Halliburton | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Halliburton Logview PRO 10.0.1 Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file. | 6.8 |
2017-05-19 | CVE-2017-9080 | Playsms | Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4 PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. | 6.5 |
2017-05-18 | CVE-2017-3980 | Mcafee | Path Traversal vulnerability in Mcafee Epolicy Orchestrator A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. | 6.5 |
2017-05-18 | CVE-2017-9069 | Modx | Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | 6.5 |
2017-05-18 | CVE-2017-7433 | Micro Focus | Path Traversal vulnerability in Micro Focus Vibe An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. | 6.5 |
2017-05-16 | CVE-2017-7952 | Infor | SQL Injection vulnerability in Infor Enterprise Asset Management 11.0Build201410 INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. | 6.5 |
2017-05-15 | CVE-2017-7489 | Moodle | Improper Privilege Management vulnerability in Moodle In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. | 6.5 |
2017-05-18 | CVE-2017-9053 | Libdwarf Project | Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf 20170321 An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. | 6.4 |
2017-05-17 | CVE-2017-9025 | Hootoo | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hootoo Trip Mate 6 Firmware Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header. | 6.4 |
2017-05-19 | CVE-2017-5176 | Rockwellautomation | Uncontrolled Search Path Element vulnerability in Rockwellautomation Connected Components Workbench A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). | 6.2 |
2017-05-17 | CVE-2017-4014 | Mcafee | Session Fixation vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request. | 6.0 |
2017-05-15 | CVE-2017-8943 | Puma | Improper Certificate Validation vulnerability in Puma Pumatrac 3.0.2 The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-15 | CVE-2017-8942 | Yottamark INC | Improper Certificate Validation vulnerability in Yottamark Inc. Shopwell - Healthy Diet & Grocery Food Scanner The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-15 | CVE-2017-8941 | Interval International | Improper Certificate Validation vulnerability in Interval International Interval International The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-15 | CVE-2017-8940 | Zipongo INC | Improper Certificate Validation vulnerability in Zipongo Inc. Healthy Recipes and Grocery Deals 6.2 The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-15 | CVE-2017-8939 | Warnerbros | Improper Certificate Validation vulnerability in Warnerbros Ellentube 3.1.1/3.1.2/3.1.3 The Warner Bros. | 5.9 |
2017-05-15 | CVE-2017-8938 | Radiojavan | Improper Certificate Validation vulnerability in Radiojavan Radio Javan The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-15 | CVE-2017-8937 | Life Before US | Improper Certificate Validation vulnerability in Life Before US YO. 2.5.8 The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-15 | CVE-2017-8936 | Changyou | Improper Certificate Validation vulnerability in Changyou Dolphin web Browser 9.23.0/9.23.2 The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-15 | CVE-2017-8935 | Gocivix | Improper Certificate Validation vulnerability in Gocivix Indiana Voters 1.1.24 The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-19 | CVE-2015-5241 | Apache | Open Redirect vulnerability in Apache Juddi After logging into the portal, the logout jsp page redirects the browser back to the login page after. | 5.8 |
2017-05-17 | CVE-2015-4070 | WOW NEW Media | Open Redirect vulnerability in WOW NEW Media WOW Moodboard Lite 1.1.1 Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | 5.8 |
2017-05-19 | CVE-2017-7475 | Cairographics | NULL Pointer Dereference vulnerability in Cairographics Cairo 1.15.4 Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. | 5.5 |
2017-05-18 | CVE-2017-9041 | GNU | Out-of-bounds Read vulnerability in GNU Binutils 2.28 GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c. | 5.5 |
2017-05-18 | CVE-2017-9040 | GNU | NULL Pointer Dereference vulnerability in GNU Binutils 2.28 GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt. | 5.5 |
2017-05-18 | CVE-2017-9039 | GNU | Allocation of Resources Without Limits or Throttling vulnerability in GNU Binutils 2.28 GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. | 5.5 |
2017-05-18 | CVE-2017-9038 | GNU | Out-of-bounds Read vulnerability in GNU Binutils 2.28 GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. | 5.5 |
2017-05-15 | CVE-2017-7495 | Linux | Information Exposure vulnerability in Linux Kernel fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. | 5.5 |
2017-05-15 | CVE-2017-8934 | Pcmanfm Project | Improper Input Validation vulnerability in Pcmanfm Project Pcmanfm 1.2.5 PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). | 5.5 |
2017-05-21 | CVE-2017-9134 | Mimosa | Information Exposure vulnerability in Mimosa Backhaul Radios and Client Radios An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. | 5.0 |
2017-05-21 | CVE-2017-9132 | Mimosa | Use of Hard-coded Credentials vulnerability in Mimosa Backhaul Radios and Client Radios A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. | 5.0 |
2017-05-21 | CVE-2017-9131 | Mimosa | Improper Input Validation vulnerability in Mimosa Backhaul Radios and Client Radios An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. | 5.0 |
2017-05-21 | CVE-2014-9970 | Jasypt Project | Information Exposure vulnerability in Jasypt Project Jasypt jasypt before 1.9.2 allows a timing attack against the password hash comparison. | 5.0 |
2017-05-21 | CVE-2017-9024 | Secure Bytes | Path Traversal vulnerability in Secure-Bytes Secure Cisco Auditor 3.0 Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname. | 5.0 |
2017-05-19 | CVE-2017-9098 | Imagemagick Graphicsmagick Debian | Use of Uninitialized Resource vulnerability in multiple products ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. | 5.0 |
2017-05-19 | CVE-2017-9091 | Allen Disk Project | Improper Input Validation vulnerability in Allen Disk Project Allen Disk 1.6 /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. | 5.0 |
2017-05-19 | CVE-2017-9090 | Allen Disk Project | Improper Input Validation vulnerability in Allen Disk Project Allen Disk 1.6 reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | 5.0 |
2017-05-19 | CVE-2017-5177 | Vipa Controls | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Vipa Controls Winplc7 Firmware A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. | 5.0 |
2017-05-18 | CVE-2017-6652 | Cisco | Improper Input Validation vulnerability in Cisco Telepresence Ix5000 8.2.0Base A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. | 5.0 |
2017-05-18 | CVE-2017-6621 | Cisco | Information Exposure vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. | 5.0 |
2017-05-18 | CVE-2017-9066 | Wordpress Debian | Server-Side Request Forgery (SSRF) vulnerability in Wordpress In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | 5.0 |
2017-05-18 | CVE-2017-9065 | Wordpress Debian | Improper Input Validation vulnerability in Wordpress In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. | 5.0 |
2017-05-18 | CVE-2017-9062 | Wordpress Debian | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. | 5.0 |
2017-05-17 | CVE-2017-4017 | Mcafee | Information Exposure vulnerability in Mcafee Network Data Loss Prevention 9.3.0 User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface. | 5.0 |
2017-05-17 | CVE-2017-4016 | Mcafee | Information Exposure vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header. | 5.0 |
2017-05-17 | CVE-2017-4013 | Mcafee | Information Exposure vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header. | 5.0 |
2017-05-17 | CVE-2017-4012 | Mcafee | Unspecified vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request. | 5.0 |
2017-05-17 | CVE-2017-9030 | Codextrous | Path Traversal vulnerability in Codextrous B2J Contact The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files. | 5.0 |
2017-05-17 | CVE-2017-5214 | Codextrous | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Codextrous B2J Contact The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. | 5.0 |
2017-05-16 | CVE-2017-6658 | Cisco | Out-of-bounds Read vulnerability in Cisco Sourcefire Snort 3.0 Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. | 5.0 |
2017-05-16 | CVE-2017-6657 | Cisco | Unspecified vulnerability in Cisco Snort++ Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. | 5.0 |
2017-05-16 | CVE-2017-6651 | Cisco | Information Exposure vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. | 5.0 |
2017-05-16 | CVE-2017-3825 | Cisco | Improper Input Validation vulnerability in Cisco Telepresence CE and Telepresence TC A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. | 5.0 |
2017-05-15 | CVE-2017-7478 | Openvpn | Improper Input Validation vulnerability in Openvpn OpenVPN version 2.3.12 and newer is vulnerable to an unauthenticated denial of service of the server via a received large control packet. | 5.0 |
2017-05-15 | CVE-2017-7490 | Moodle | Exposure of Resource to Wrong Sphere vulnerability in Moodle In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | 5.0 |
2017-05-18 | CVE-2017-9059 | Linux | Improper Resource Shutdown or Release vulnerability in Linux Kernel The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak. | 4.9 |
2017-05-19 | CVE-2017-9079 | Dropbear SSH Project Debian | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. | 4.7 |
2017-05-19 | CVE-2017-4979 | EMC | Remote Privilege Escalation vulnerability in EMC Isilon OneFS EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. | 4.6 |
2017-05-18 | CVE-2017-8769 | | Missing Encryption of Sensitive Data vulnerability in Whatsapp Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. | 4.6 |
2017-05-17 | CVE-2017-7493 | Qemu Debian | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. | 4.6 |
2017-05-17 | CVE-2017-4015 | Mcafee | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header. | 4.5 |
2017-05-21 | CVE-2017-9046 | Pmail | Improper Input Validation vulnerability in Pmail Pegasus 4.72 winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. | 4.4 |
2017-05-19 | CVE-2017-6016 | Leao Consultoria E Desenvolvimento DE Sistemas | Local Access Bypass vulnerability in LAquis SCADA An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. | 4.4 |
2017-05-18 | CVE-2017-9067 | Modx PHP | Path Traversal vulnerability in multiple products In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. | 4.4 |
2017-05-21 | CVE-2017-9116 | Openexr | Unspecified vulnerability in Openexr 2.2.0 In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash. | 4.3 |
2017-05-21 | CVE-2017-9114 | Openexr | Unspecified vulnerability in Openexr 2.2.0 In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. | 4.3 |
2017-05-21 | CVE-2017-9113 | Openexr | Unspecified vulnerability in Openexr 2.2.0 In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. | 4.3 |
2017-05-21 | CVE-2017-9112 | Openexr | Unspecified vulnerability in Openexr 2.2.0 In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash. | 4.3 |
2017-05-21 | CVE-2017-9110 | Openexr | Unspecified vulnerability in Openexr 2.2.0 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. | 4.3 |
2017-05-21 | CVE-2017-7620 | Mantisbt | Cross-Site Request Forgery (CSRF) vulnerability in Mantisbt MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI. | 4.3 |
2017-05-19 | CVE-2017-9094 | Entropymine | Infinite Loop vulnerability in Entropymine Imageworsener The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | 4.3 |
2017-05-19 | CVE-2017-9093 | Entropymine | Infinite Loop vulnerability in Entropymine Imageworsener The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | 4.3 |
2017-05-19 | CVE-2017-9083 | Freedesktop | NULL Pointer Dereference vulnerability in Freedesktop Poppler 0.54.0 poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. | 4.3 |
2017-05-19 | CVE-2017-7937 | Phoenix Contact Gmbh | Improper Authentication vulnerability in Phoenix Contact Gmbh Mguard Firmware An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. | 4.3 |
2017-05-18 | CVE-2017-9072 | Calendarxp | Cross-site Scripting vulnerability in Calendarxp Flatcalendarxp and Popcalendarxp Two CalendarXP products have XSS in common parts of HTML files. | 4.3 |
2017-05-18 | CVE-2017-9068 | Modx | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter. | 4.3 |
2017-05-18 | CVE-2017-9063 | Wordpress Debian | Cross-site Scripting vulnerability in Wordpress In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. | 4.3 |
2017-05-18 | CVE-2017-9061 | Wordpress Debian | Cross-site Scripting vulnerability in Wordpress In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. | 4.3 |
2017-05-18 | CVE-2017-9045 | | Missing Encryption of Sensitive Data vulnerability in Google I/O 2017 The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocks_v4.json file. | 4.3 |
2017-05-18 | CVE-2017-9044 | GNU | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. | 4.3 |
2017-05-17 | CVE-2017-4011 | Mcafee | Cross-site Scripting vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request. | 4.3 |
2017-05-17 | CVE-2015-3998 | Clickfraud Monitoring Phpwhois Project | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php. | 4.3 |
2017-05-16 | CVE-2017-7488 | Authconfig Project | Information Exposure vulnerability in Authconfig Project Authconfig 6.2.8 Authconfig version 6.2.8 is vulnerable to an information exposure while using SSSD to authenticate against a remote server, resulting in the leak of information about existing usernames. | 4.3 |
2017-05-16 | CVE-2015-9001 | | Information Exposure vulnerability in Google Android In TrustZone an information exposure vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. | 4.3 |
2017-05-15 | CVE-2017-7491 | Moodle | Cross-Site Request Forgery (CSRF) vulnerability in Moodle In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. | 4.3 |
2017-05-15 | CVE-2016-9750 | IBM | Credentials Management vulnerability in IBM Qradar Security Information and Event Manager 7.2.0/7.3.0 IBM QRadar 7.2 and 7.3 stores user credentials in clear text, which can be read by an authenticated user. | 4.0 |
2017-05-15 | CVE-2016-9735 | IBM | Information Exposure vulnerability in IBM products IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. | 4.0 |
2017-05-15 | CVE-2016-5979 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Distributed Marketing IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance with a security profile that is not valid for the templates, which results in the new instance not being accessible to the intended user. | 4.0 |
2017-05-15 | CVE-2017-7479 | Openvpn | Reachable Assertion vulnerability in Openvpn OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to a reachable assertion when the packet-ID counter rolls over, resulting in a denial of service of the server by an authenticated attacker. | 4.0 |
2017-05-15 | CVE-2017-5655 | Apache | Information Exposure vulnerability in Apache Ambari In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. | 4.0 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-05-19 | CVE-2017-4978 | RSA | Cross-site Scripting vulnerability in RSA Adaptive Authentication (On Premise) EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 3.5 |
2017-05-18 | CVE-2017-9070 | Modx | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php. | 3.5 |
2017-05-16 | CVE-2017-8382 | Admidio | Cross-Site Request Forgery (CSRF) vulnerability in Admidio 3.2.8 admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. | 3.5 |
2017-05-16 | CVE-2017-7953 | Infor | Cross-site Scripting vulnerability in Infor Enterprise Asset Management 11.0 INFOR EAM V11.0 Build 201410 has XSS via comment fields. | 3.5 |
2017-05-19 | CVE-2017-7907 | Schneider Electric | XXE vulnerability in Schneider-Electric Wonderware Historian Client An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. | 3.3 |
2017-05-15 | CVE-2017-8933 | Libmenu Cache Project | Improper Input Validation vulnerability in Libmenu-Cache Project Libmenu-Cache 1.0.2 Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability). | 3.3 |
2017-05-21 | CVE-2017-9139 | Tendacn | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tendacn F1200 Firmware, F1202 Firmware and Fh1202 Firmware There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). | 2.7 |
2017-05-18 | CVE-2017-9071 | Modx | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. | 2.6 |
2017-05-17 | CVE-2016-10374 | Perltidy Project | Link Following vulnerability in Perltidy Project Perltidy perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete. | 2.1 |