Weekly Vulnerabilities Reports > July 24 to 30, 2017
Overview
212 new vulnerabilities were reported during this period, including 27 critical vulnerabilities and 93 high severity vulnerabilities. This weekly summary reports vulnerabilities in 186 products from 109 vendors, including Debian, Cisco, Artifex, Imagemagick, and Libming. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Read", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "Missing Release of Resource after Effective Lifetime".
- 143 reported vulnerabilities are remotely exploitable.
- 28 reported vulnerabilities have a public exploit available.
- 55 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 159 reported vulnerabilities are exploitable by an anonymous user.
- Debian has the most reported vulnerabilities, with 16 reported vulnerabilities.
- Graphicsmagick has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
27 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-07-28 | CVE-2017-11720 | Lame Project | Divide By Zero vulnerability in Lame Project Lame 3.99.5 There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. | 9.8 |
2017-07-28 | CVE-2017-11715 | Metinfo Project | Code Injection vulnerability in Metinfo Project Metinfo job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. | 9.8 |
2017-07-28 | CVE-2017-11645 | Netcomm | Improper Authentication vulnerability in Netcomm 4Gt101W Bootloader and 4Gt101W Software NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html. | 9.8 |
2017-07-28 | CVE-2017-11184 | Glpi Project | SQL Injection vulnerability in Glpi-Project Glpi SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. | 9.8 |
2017-07-27 | CVE-2017-11673 | Acunetix | Improper Input Validation vulnerability in Acunetix web vulnerability Scanner 8 Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at reporter!madTraceProcess." | 9.8 |
2017-07-26 | CVE-2017-11643 | Graphicsmagick | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphicsmagick 1.3.26 GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. | 9.8 |
2017-07-26 | CVE-2017-11641 | Graphicsmagick | Missing Release of Resource after Effective Lifetime vulnerability in Graphicsmagick 1.3.26 GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files. | 9.8 |
2017-07-26 | CVE-2017-11637 | Graphicsmagick | NULL Pointer Dereference vulnerability in Graphicsmagick 1.3.26 GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. | 9.8 |
2017-07-26 | CVE-2017-11636 | Graphicsmagick | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphicsmagick 1.3.26 GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. | 9.8 |
2017-07-26 | CVE-2017-11631 | Fiyo | SQL Injection vulnerability in Fiyo CMS 2.0.7 dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. | 9.8 |
2017-07-25 | CVE-2017-11459 | SAP | Code Injection vulnerability in SAP Trex 7.10 SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592. | 9.8 |
2017-07-25 | CVE-2015-3278 | NSS Compat Ossl Project | Improper Input Validation vulnerability in NSS Compat Ossl Project NSS Compat Ossl The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors. | 9.8 |
2017-07-25 | CVE-2015-2798 | WEB Dorado | SQL Injection vulnerability in Web-Dorado Contact Form Maker 1.0.1 SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 9.8 |
2017-07-25 | CVE-2017-11614 | Medhost | Use of Hard-coded Credentials vulnerability in Medhost Connex MEDHOST Connex contains hard-coded credentials that are used for customer database access. | 9.8 |
2017-07-25 | CVE-2015-8009 | Mediawiki | Credentials Management vulnerability in Mediawiki The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials. | 9.8 |
2017-07-25 | CVE-2015-2279 | Airlive | OS Command Injection vulnerability in Airlive products cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, write_tan, or write_hdv parameter. | 9.8 |
2017-07-24 | CVE-2017-11324 | Tilde CMS Project | SQL Injection vulnerability in Tilde CMS Project Tilde CMS 1.0.1 An issue was discovered in Tilde CMS 1.0.1. | 9.8 |
2017-07-24 | CVE-2017-11589 | Cisco | Path Traversal vulnerability in Cisco Residential Gateway Firmware Ddr2200Bnaannexafccv00.00.03.45.4E/Ddr2201V1Naannexafccv00.00.03.28.3 On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd. | 9.8 |
2017-07-24 | CVE-2017-11588 | Cisco | OS Command Injection vulnerability in Cisco Residential Gateway Firmware Ddr2200Bnaannexafccv00.00.03.45.4E/Ddr2201V1Naannexafccv00.00.03.28.3 On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi URI. | 9.8 |
2017-07-24 | CVE-2017-11585 | Finecms | Code Injection vulnerability in Finecms 5.0.9 dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. | 9.8 |
2017-07-24 | CVE-2017-11584 | Finecms | SQL Injection vulnerability in Finecms 1.9.5/5.0.9 dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php. | 9.8 |
2017-07-24 | CVE-2017-11583 | Finecms | SQL Injection vulnerability in Finecms 1.9.5/5.0.9 dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php. | 9.8 |
2017-07-24 | CVE-2017-11582 | Finecms | SQL Injection vulnerability in Finecms 1.9.5/5.0.9 dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php. | 9.8 |
2017-07-28 | CVE-2017-11694 | Medhost | Use of Hard-coded Credentials vulnerability in Medhost Document Management System MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. | 9.1 |
2017-07-28 | CVE-2017-11693 | Medhost | Use of Hard-coded Credentials vulnerability in Medhost Document Management System MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. | 9.1 |
2017-07-28 | CVE-2017-4919 | Vmware | Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 5.5/6.0/6.5 VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | 9.0 |
2017-07-26 | CVE-2017-5691 | Intel | Unspecified vulnerability in Intel products Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state. | 9.0 |
93 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-07-29 | CVE-2017-11736 | Bigtreecms | SQL Injection vulnerability in Bigtreecms Bigtree CMS 4.2.18 SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter. | 8.8 |
2017-07-28 | CVE-2017-6257 | Nvidia | NULL Pointer Dereference vulnerability in Nvidia GPU Driver NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges | 8.8 |
2017-07-28 | CVE-2017-11646 | Netcomm | Cross-Site Request Forgery (CSRF) vulnerability in Netcomm 4Gt101W Bootloader and 4Gt101W Software NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. | 8.8 |
2017-07-27 | CVE-2017-9614 | D R Commander | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D.R.Commander Libjpeg-Turbo 1.5.1 The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. | 8.8 |
2017-07-27 | CVE-2017-11681 | Project Hashtopussy | Improper Privilege Management vulnerability in Project Hashtopussy Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php. | 8.8 |
2017-07-27 | CVE-2017-11680 | Project Hashtopussy | Cross-Site Request Forgery (CSRF) vulnerability in Project Hashtopussy Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. | 8.8 |
2017-07-27 | CVE-2017-11679 | Hashtopus Project | Cross-Site Request Forgery (CSRF) vulnerability in Hashtopus Project Hashtopus 1.5G Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. | 8.8 |
2017-07-27 | CVE-2017-11678 | Hashtopus Project | SQL Injection vulnerability in Hashtopus Project Hashtopus 1.5G SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. | 8.8 |
2017-07-27 | CVE-2017-11675 | ZEN Cart | Code Injection vulnerability in Zen-Cart ZEN Cart 1.5.5E The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. | 8.8 |
2017-07-26 | CVE-2017-11642 | Graphicsmagick | NULL Pointer Dereference vulnerability in Graphicsmagick 1.3.26 GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. | 8.8 |
2017-07-26 | CVE-2017-11638 | Graphicsmagick | Improper Input Validation vulnerability in Graphicsmagick 1.3.26 GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. | 8.8 |
2017-07-25 | CVE-2017-6753 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. | 8.8 |
2017-07-25 | CVE-2017-9413 | Subsonic | Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. | 8.8 |
2017-07-25 | CVE-2016-10401 | Zyxel | Credentials Management vulnerability in Zyxel Pk5001Z Firmware ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). | 8.8 |
2017-07-25 | CVE-2015-1332 | Canonical Oxide Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website. | 8.8 |
2017-07-25 | CVE-2015-2280 | Airlink101 | OS Command Injection vulnerability in Airlink101 Skyipcam1620W Wireless N Mpeg4 3Gpp Firmware 1.1.01220120709 snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter. | 8.8 |
2017-07-24 | CVE-2017-11422 | Statamic | Incorrect Permission Assignment for Critical Resource vulnerability in Statamic Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. | 8.8 |
2017-07-26 | CVE-2017-11615 | Factorio | Unspecified vulnerability in Factorio A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library. | 8.6 |
2017-07-25 | CVE-2017-6612 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Series Software A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. | 8.6 |
2017-07-26 | CVE-2017-11667 | Openproject | Insufficient Session Expiration vulnerability in Openproject OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. | 8.1 |
2017-07-30 | CVE-2017-11749 | Internet Soft | Untrusted Search Path vulnerability in Internet-Soft FTP Commander 8.02 InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file. | 7.8 |
2017-07-30 | CVE-2017-11748 | Softonic | Untrusted Search Path vulnerability in Softonic Spider Player 2.5.3 VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll, olepro32.dll, dsound.dll, or AUDIOSES.dll file. | 7.8 |
2017-07-30 | CVE-2017-11742 | Libexpat Project | Untrusted Search Path vulnerability in Libexpat Project Libexpat 2.2.1/2.2.2 The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking. | 7.8 |
2017-07-28 | CVE-2017-6256 | Nvidia | Improper Input Validation vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or potential escalation of privileges. | 7.8 |
2017-07-28 | CVE-2017-6255 | Nvidia | Improper Input Validation vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service or potential escalation of privileges. | 7.8 |
2017-07-28 | CVE-2017-6254 | Nvidia | Improper Input Validation vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from an user to the driver is used without validation which may lead to denial of service or potential escalation of privileges. | 7.8 |
2017-07-28 | CVE-2017-6253 | Nvidia | Classic Buffer Overflow vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated which may lead to denial of service or potential escalation of privileges | 7.8 |
2017-07-28 | CVE-2017-6252 | Nvidia | NULL Pointer Dereference vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges. | 7.8 |
2017-07-28 | CVE-2017-6251 | Nvidia | Missing Authorization vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges. | 7.8 |
2017-07-28 | CVE-2017-11719 | Ffmpeg | Out-of-bounds Read vulnerability in Ffmpeg The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. | 7.8 |
2017-07-28 | CVE-2017-11714 | Artifex Debian | Out-of-bounds Read vulnerability in multiple products psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. | 7.8 |
2017-07-27 | CVE-2017-8870 | Mediacoderhq | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mediacoderhq Audiocoder 0.8.46 Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file. | 7.8 |
2017-07-27 | CVE-2016-10402 | Avira | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avira Antivirus 1.0.2303.633/5.0.2003.1821/8.3.36.59 Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow. | 7.8 |
2017-07-27 | CVE-2017-8869 | Mediacoder | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mediacoder 0.8.48.5888 Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file. | 7.8 |
2017-07-26 | CVE-2017-9835 | Artifex Debian | Integer Overflow or Wraparound vulnerability in multiple products The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. | 7.8 |
2017-07-26 | CVE-2017-9740 | Artifex | Out-of-bounds Read vulnerability in Artifex Ghostscript Ghostxps 9.21 The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | 7.8 |
2017-07-26 | CVE-2017-9739 | Artifex Debian | Out-of-bounds Read vulnerability in multiple products The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | 7.8 |
2017-07-26 | CVE-2017-9727 | Artifex Debian | Out-of-bounds Read vulnerability in multiple products The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | 7.8 |
2017-07-26 | CVE-2017-9726 | Artifex Debian | Out-of-bounds Read vulnerability in multiple products The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | 7.8 |
2017-07-26 | CVE-2017-9620 | Artifex | Out-of-bounds Read vulnerability in Artifex Ghostscript Ghostxps 9.21 The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function. | 7.8 |
2017-07-26 | CVE-2017-9619 | Artifex | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Ghostscript Ghostxps 9.21 The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file. | 7.8 |
2017-07-26 | CVE-2017-9618 | Artifex | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Ghostscript Ghostxps 9.21 The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document. | 7.8 |
2017-07-26 | CVE-2017-9612 | Artifex Debian | Use After Free vulnerability in multiple products The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. | 7.8 |
2017-07-26 | CVE-2017-9611 | Artifex Debian | Out-of-bounds Read vulnerability in multiple products The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | 7.8 |
2017-07-26 | CVE-2017-9610 | Artifex | Out-of-bounds Read vulnerability in Artifex Ghostscript Ghostxps 9.21 The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | 7.8 |
2017-07-25 | CVE-2017-11628 | PHP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. | 7.8 |
2017-07-25 | CVE-2015-6585 | Hancom | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hancom Hangul Word Processor 2014 hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text tag. | 7.8 |
2017-07-25 | CVE-2015-4035 | Tukaani | Improper Input Validation vulnerability in Tukaani XZ 4.999.7/4.999.8/4.999.9 scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. | 7.8 |
2017-07-25 | CVE-2015-1438 | Panda Security | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Panda Security products Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers. | 7.8 |
2017-07-25 | CVE-2017-11566 | Appsec Labs | OS Command Injection vulnerability in Appsec-Labs Appuse 4.0 AppUse 4.0 allows shell command injection via a proxy field. | 7.8 |
2017-07-25 | CVE-2017-7980 | Qemu Canonical Debian Redhat | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. | 7.8 |
2017-07-25 | CVE-2017-8033 | Cloudfoundry | Path Traversal vulnerability in Cloudfoundry Capi-Release and Cf-Release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. | 7.8 |
2017-07-25 | CVE-2017-7541 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet. | 7.8 |
2017-07-24 | CVE-2017-8036 | Cloudfoundry | Unspecified vulnerability in Cloudfoundry Capi-Release 1.33.0 An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). | 7.8 |
2017-07-30 | CVE-2017-11692 | Yaml CPP Project | Reachable Assertion vulnerability in Yaml-Cpp Project Yaml-Cpp The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string. | 7.5 |
2017-07-30 | CVE-2017-11746 | Inversepath | Files or Directories Accessible to External Parties vulnerability in Inversepath Tenshi 0.15 Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command. | 7.5 |
2017-07-29 | CVE-2017-11723 | Xinha | Path Traversal vulnerability in Xinha 0.96 Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. | 7.5 |
2017-07-28 | CVE-2017-11717 | Metinfo Project | Authentication Bypass by Spoofing vulnerability in Metinfo Project Metinfo MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page. | 7.5 |
2017-07-28 | CVE-2017-11706 | Boozt | Information Exposure vulnerability in Boozt 2.3.3 The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. | 7.5 |
2017-07-27 | CVE-2016-8743 | Apache Netapp Debian Redhat | Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. | 7.5 |
2017-07-27 | CVE-2016-2161 | Apache | Improper Input Validation vulnerability in Apache Http Server In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. | 7.5 |
2017-07-27 | CVE-2016-0736 | Apache | Cryptographic Issues vulnerability in Apache Http Server In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. | 7.5 |
2017-07-27 | CVE-2016-10399 | Sendio | File and Directory Information Exposure vulnerability in Sendio Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL. | 7.5 |
2017-07-27 | CVE-2017-11665 | Ffmpeg | Improper Input Validation vulnerability in Ffmpeg 3.3.2 The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. | 7.5 |
2017-07-27 | CVE-2017-11684 | Libav | Unspecified vulnerability in Libav 12.1 There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. | 7.5 |
2017-07-26 | CVE-2017-7659 | Apache | NULL Pointer Dereference vulnerability in Apache Http Server 2.4.24/2.4.25 A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. | 7.5 |
2017-07-26 | CVE-2017-11658 | WP Rocket | Path Traversal vulnerability in Wp-Rocket In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack. | 7.5 |
2017-07-26 | CVE-2017-11655 | Sipcrack Project | Missing Release of Resource after Effective Lifetime vulnerability in Sipcrack Project Sipcrack 0.2 A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. | 7.5 |
2017-07-26 | CVE-2017-11630 | Fiyo | Path Traversal vulnerability in Fiyo CMS 2.0.7 dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | 7.5 |
2017-07-25 | CVE-2017-9233 | Libexpat Project Python Debian | Infinite Loop vulnerability in multiple products XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. | 7.5 |
2017-07-25 | CVE-2017-6751 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. | 7.5 |
2017-07-25 | CVE-2017-6750 | Cisco | Insecure Default Initialization of Resource vulnerability in Cisco products A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. | 7.5 |
2017-07-25 | CVE-2017-6672 | Cisco | Incorrect Authorization vulnerability in Cisco ASR 5000 Series Software A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. | 7.5 |
2017-07-25 | CVE-2015-8013 | Openpgpjs | Cryptographic Issues vulnerability in Openpgpjs s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message. | 7.5 |
2017-07-25 | CVE-2015-1417 | Freebsd | Resource Exhaustion vulnerability in Freebsd The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections. | 7.5 |
2017-07-25 | CVE-2016-7539 | Imagemagick | Resource Management Errors vulnerability in Imagemagick Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 7.5 |
2017-07-25 | CVE-2017-11499 | Nodejs | Improper Input Validation vulnerability in Nodejs Node.Js Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. | 7.5 |
2017-07-25 | CVE-2017-8035 | Cloudfoundry | Information Exposure vulnerability in Cloudfoundry Capi-Release and Cf-Release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. | 7.5 |
2017-07-25 | CVE-2015-1847 | Appserver | Path Traversal vulnerability in Appserver Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. | 7.5 |
2017-07-24 | CVE-2017-9553 | Synology | Unspecified vulnerability in Synology Diskstation Manager A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. | 7.5 |
2017-07-24 | CVE-2015-7703 | NTP Oracle Debian Netapp Redhat | Improper Input Validation vulnerability in multiple products The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allow remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password, to write to arbitrary files via the :config command. | 7.5 |
2017-07-24 | CVE-2017-11326 | Tilde CMS Project | Unrestricted Upload of File with Dangerous Type vulnerability in Tilde CMS Project Tilde CMS 1.0.1 An issue was discovered in Tilde CMS 1.0.1. | 7.5 |
2017-07-24 | CVE-2017-11325 | Tilde CMS Project | Information Exposure vulnerability in Tilde CMS Project Tilde CMS 1.0.1 An issue was discovered in Tilde CMS 1.0.1. | 7.5 |
2017-07-24 | CVE-2017-11592 | Exiv2 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exiv2 0.26 There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input. | 7.5 |
2017-07-24 | CVE-2017-11591 | Exiv2 Canonical Debian | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | 7.5 |
2017-07-24 | CVE-2017-11590 | Gnome | NULL Pointer Dereference vulnerability in Gnome Libgxps 0.2.5 There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. | 7.5 |
2017-07-24 | CVE-2017-11587 | Cisco | Path Traversal vulnerability in Cisco Residential Gateway Firmware Ddr2200Bnaannexafccv00.00.03.45.4E/Ddr2201V1Naannexafccv00.00.03.28.3 On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI. | 7.5 |
2017-07-25 | CVE-2017-6746 | Cisco | Improper Input Validation vulnerability in Cisco web Security Appliance A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. | 7.2 |
2017-07-24 | CVE-2017-1382 | IBM | Incorrect Default Permissions vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. | 7.1 |
2017-07-30 | CVE-2017-11756 | Earcms | Unrestricted Upload of File with Dangerous Type vulnerability in Earcms EAR Music 4.1 In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code. | 7.0 |
2017-07-26 | CVE-2017-6005 | Waves | Unspecified vulnerability in Waves Maxxaudio 1.1.6.0 Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Windows service with File Version 1.1.6.0. | 7.0 |
2017-07-25 | CVE-2015-7543 | KDE Artsproject | Race Condition vulnerability in multiple products aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. | 7.0 |
2017-07-24 | CVE-2017-11600 | Linux | Out-of-bounds Read vulnerability in Linux Kernel net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message. | 7.0 |
92 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-07-28 | CVE-2015-5191 | Vmware | Race Condition vulnerability in VMWare Tools VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. | 6.7 |
2017-07-25 | CVE-2017-6748 | Cisco | Injection vulnerability in Cisco products A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. | 6.7 |
2017-07-25 | CVE-2017-9457 | Compulab | Improper Input Validation vulnerability in Compulab Intense PC Firmware Cr2.2.0.400.2 Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. | 6.7 |
2017-07-30 | CVE-2017-11755 | Imagemagick | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.64 The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call. | 6.5 |
2017-07-30 | CVE-2017-11754 | Imagemagick | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.64 The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call. | 6.5 |
2017-07-30 | CVE-2017-11753 | Imagemagick | Out-of-bounds Read vulnerability in Imagemagick 7.0.64 The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file. | 6.5 |
2017-07-30 | CVE-2017-11752 | Imagemagick | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.64 The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |
2017-07-30 | CVE-2017-11751 | Imagemagick | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.64 The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |
2017-07-30 | CVE-2017-11750 | Imagemagick | NULL Pointer Dereference vulnerability in Imagemagick 6.9.94/7.0.64 The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | 6.5 |
2017-07-29 | CVE-2017-11724 | Imagemagick | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures. | 6.5 |
2017-07-28 | CVE-2017-6260 | Nvidia | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service. | 6.5 |
2017-07-28 | CVE-2017-11722 | Graphicsmagick | Out-of-bounds Read vulnerability in Graphicsmagick 1.3.26 The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. | 6.5 |
2017-07-28 | CVE-2017-11705 | Libming | Missing Release of Resource after Effective Lifetime vulnerability in Libming Ming 0.4.8 A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
2017-07-28 | CVE-2017-11704 | Libming | Out-of-bounds Read vulnerability in Libming Ming 0.4.8 A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
2017-07-28 | CVE-2017-11703 | Libming | Missing Release of Resource after Effective Lifetime vulnerability in Libming Ming 0.4.8 A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
2017-07-27 | CVE-2017-11683 | Exiv2 Canonical Debian | Reachable Assertion vulnerability in multiple products There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | 6.5 |
2017-07-26 | CVE-2017-11644 | Imagemagick | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.61 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c. | 6.5 |
2017-07-26 | CVE-2017-11640 | Imagemagick | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 7.0.61 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. | 6.5 |
2017-07-26 | CVE-2017-11639 | Imagemagick | Out-of-bounds Read vulnerability in Imagemagick 7.0.61 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h. | 6.5 |
2017-07-26 | CVE-2017-11613 | Libtiff | Improper Input Validation vulnerability in Libtiff 4.0.8 In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. | 6.5 |
2017-07-25 | CVE-2017-8919 | Netapp | Unspecified vulnerability in Netapp Oncommand API Services 1.0/1.1/1.2 NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors. | 6.5 |
2017-07-25 | CVE-2017-11457 | SAP | XXE vulnerability in SAP Netweaver Application Server Java 7.50 XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249. | 6.5 |
2017-07-25 | CVE-2015-5187 | Candlepinproject | Resource Management Errors vulnerability in Candlepinproject Candlepin Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic. | 6.5 |
2017-07-25 | CVE-2015-4463 | Efrontlearning | Unrestricted Upload of File with Dangerous Type vulnerability in Efrontlearning Efront The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL. | 6.5 |
2017-07-25 | CVE-2015-4462 | Efrontlearning | Unrestricted Upload of File with Dangerous Type vulnerability in Efrontlearning Efront Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php. | 6.5 |
2017-07-24 | CVE-2017-11327 | Tilde CMS Project | Information Exposure vulnerability in Tilde CMS Project Tilde CMS 1.0.1 An issue was discovered in Tilde CMS 1.0.1. | 6.5 |
2017-07-24 | CVE-2017-11608 | Libsass | Out-of-bounds Read vulnerability in Libsass 3.4.5 There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. | 6.5 |
2017-07-24 | CVE-2017-11605 | Libsass | Out-of-bounds Read vulnerability in Libsass 3.4.5 There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. | 6.5 |
2017-07-30 | CVE-2017-11744 | Modx | Cross-site Scripting vulnerability in Modx Revolution 2.5.7 In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. | 6.1 |
2017-07-29 | CVE-2017-11737 | Rspamd Project | Cross-site Scripting vulnerability in Rspamd Project Rspamd interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page. | 6.1 |
2017-07-28 | CVE-2017-6259 | Nvidia | Unspecified vulnerability in Nvidia GPU Driver NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service. | 6.1 |
2017-07-28 | CVE-2017-11718 | Metinfo Project | Open Redirect vulnerability in Metinfo Project Metinfo There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. | 6.1 |
2017-07-28 | CVE-2017-11716 | Metinfo Project | Cross-site Scripting vulnerability in Metinfo Project Metinfo MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. | 6.1 |
2017-07-27 | CVE-2017-11687 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5 Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog. | 6.1 |
2017-07-27 | CVE-2017-11686 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5 Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method. | 6.1 |
2017-07-27 | CVE-2017-11685 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5 Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter. | 6.1 |
2017-07-27 | CVE-2017-11682 | Hashtopolis | Cross-site Scripting vulnerability in Hashtopolis 0.4.0 Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php. | 6.1 |
2017-07-27 | CVE-2017-11677 | Hashtopus Project | Cross-site Scripting vulnerability in Hashtopus Project Hashtopus 1.5G Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php. | 6.1 |
2017-07-26 | CVE-2017-11666 | Kopano | Cross-site Scripting vulnerability in Kopano Webapp 3.3.0 Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file. | 6.1 |
2017-07-26 | CVE-2017-11612 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. | 6.1 |
2017-07-26 | CVE-2017-11651 | Nexusphp | Cross-site Scripting vulnerability in Nexusphp 1.5 NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag. | 6.1 |
2017-07-26 | CVE-2017-11629 | Finecms | Cross-site Scripting vulnerability in Finecms 1.9.5/5.0.10/5.0.9 dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request. | 6.1 |
2017-07-25 | CVE-2016-6133 | Ektron | Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1/9.10 Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx. | 6.1 |
2017-07-25 | CVE-2017-6755 | Cisco | Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 12.1 A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
2017-07-25 | CVE-2017-11460 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Portal 7.4 Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535. | 6.1 |
2017-07-25 | CVE-2017-11458 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java 7.30 Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783. | 6.1 |
2017-07-25 | CVE-2015-5594 | Zenphoto | Cross-site Scripting vulnerability in Zenphoto The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) attack via a crafted string. | 6.1 |
2017-07-25 | CVE-2015-0674 | Cisco | Cross-site Scripting vulnerability in Cisco Cloud web Security Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.1 |
2017-07-25 | CVE-2017-11617 | Atmail | Cross-site Scripting vulnerability in Atmail Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes. | 6.1 |
2017-07-24 | CVE-2017-10711 | Simplerisk | Cross-site Scripting vulnerability in Simplerisk 20170614001 In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter. | 6.1 |
2017-07-24 | CVE-2017-11593 | Ooso | Cross-site Scripting vulnerability in Ooso Markdown Preview Plus 0.4.5 Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files that are designed to be viewed in the browser as plain text, but that will be converted to HTML without proper sanitization. | 6.1 |
2017-07-24 | CVE-2017-11586 | Finecms | Open Redirect vulnerability in Finecms 1.9.5/5.0.9 dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php. | 6.1 |
2017-07-24 | CVE-2017-11581 | Finecms | Cross-site Scripting vulnerability in Finecms 5.0.9 dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character. | 6.1 |
2017-07-26 | CVE-2017-11654 | Sipcrack Project | Out-of-bounds Write vulnerability in Sipcrack Project Sipcrack 0.2 An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. | 5.9 |
2017-07-25 | CVE-2015-0904 | Shidax | Improper Certificate Validation vulnerability in Shidax Restaurant Karaoke 1.3.3 The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. | 5.9 |
2017-07-30 | CVE-2017-11747 | Tinyproxy Project | Improper Privilege Management vulnerability in Tinyproxy Project Tinyproxy main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command. | 5.5 |
2017-07-29 | CVE-2017-11734 | Libming | Out-of-bounds Read vulnerability in Libming Ming 0.4.8 A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | 5.5 |
2017-07-29 | CVE-2017-11733 | Libming Debian | NULL Pointer Dereference vulnerability in multiple products A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | 5.5 |
2017-07-29 | CVE-2017-11732 | Libming Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | 5.5 |
2017-07-29 | CVE-2017-11731 | Libming | Out-of-bounds Read vulnerability in Libming Ming 0.4.8 An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | 5.5 |
2017-07-29 | CVE-2017-11730 | Libming | Out-of-bounds Read vulnerability in Libming Ming 0.4.8 A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | 5.5 |
2017-07-29 | CVE-2017-11729 | Libming | Out-of-bounds Read vulnerability in Libming Ming 0.4.8 A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | 5.5 |
2017-07-29 | CVE-2017-11728 | Libming | Out-of-bounds Read vulnerability in Libming Ming 0.4.8 A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | 5.5 |
2017-07-27 | CVE-2017-9545 | Mpg123 | Out-of-bounds Read vulnerability in Mpg123 1.24.0 The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file. | 5.5 |
2017-07-27 | CVE-2017-9412 | Lame Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lame Project Lame 3.99.5 The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. | 5.5 |
2017-07-27 | CVE-2017-9260 | Surina | Out-of-bounds Read vulnerability in Surina Soundtouch 1.9.2 The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file. | 5.5 |
2017-07-27 | CVE-2017-9259 | Surina | Resource Exhaustion vulnerability in Surina Soundtouch 1.9.2 The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file. | 5.5 |
2017-07-27 | CVE-2017-9258 | Surina | Infinite Loop vulnerability in Surina Soundtouch 1.9.2 The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file. | 5.5 |
2017-07-27 | CVE-2017-11674 | Acunetix | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Acunetix web vulnerability Scanner 8 Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a "Read Access Violation starting at reporter!madTraceProcess." | 5.5 |
2017-07-25 | CVE-2017-11627 | Qpdf Project | Infinite Loop vulnerability in Qpdf Project Qpdf 6.0.0 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop." | 5.5 |
2017-07-25 | CVE-2017-11626 | Qpdf Project | Infinite Loop vulnerability in Qpdf Project Qpdf 6.0.0 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop." | 5.5 |
2017-07-25 | CVE-2017-11625 | Qpdf Project | Infinite Loop vulnerability in Qpdf Project Qpdf 6.0.0 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop." | 5.5 |
2017-07-25 | CVE-2017-11624 | Qpdf Project | Infinite Loop vulnerability in Qpdf Project Qpdf 6.0.0 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop." | 5.5 |
2017-07-25 | CVE-2017-11434 | Qemu Debian | Out-of-bounds Read vulnerability in multiple products The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. | 5.5 |
2017-07-25 | CVE-2015-5221 | Fedoraproject Opensuse Project Opensuse Jasper Project | Use After Free vulnerability in multiple products Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | 5.5 |
2017-07-25 | CVE-2015-3243 | Rsyslog | Information Exposure Through Log Files vulnerability in Rsyslog rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. | 5.5 |
2017-07-25 | CVE-2015-3171 | SOS Project | Information Exposure vulnerability in SOS Project SOS 3.2 sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive. | 5.5 |
2017-07-25 | CVE-2015-3149 | Redhat | Link Following vulnerability in Redhat products The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. | 5.5 |
2017-07-29 | CVE-2017-11725 | Thycotic | Open Redirect vulnerability in Thycotic Secret Server The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | 5.4 |
2017-07-28 | CVE-2017-11647 | Netcomm | Cross-site Scripting vulnerability in Netcomm 4Gt101W Bootloader and 4Gt101W Software NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. | 5.4 |
2017-07-27 | CVE-2017-11691 | Cacti | Cross-site Scripting vulnerability in Cacti 1.1.13 Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | 5.4 |
2017-07-25 | CVE-2017-6749 | Cisco | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
2017-07-24 | CVE-2017-1380 | IBM | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 5.4 |
2017-07-24 | CVE-2017-1287 | IBM | Open Redirect vulnerability in IBM Rhapsody Design Manager IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.4 |
2017-07-24 | CVE-2017-1249 | IBM | Cross-site Scripting vulnerability in IBM Rhapsody Design Manager IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. | 5.4 |
2017-07-24 | CVE-2017-1245 | IBM | Cross-site Scripting vulnerability in IBM Rational Software Architect Design Manager IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. | 5.4 |
2017-07-24 | CVE-2016-8975 | IBM | Cross-site Scripting vulnerability in IBM Rhapsody Design Manager IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. | 5.4 |
2017-07-24 | CVE-2016-6118 | IBM | Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. | 5.4 |
2017-07-24 | CVE-2017-11594 | Loomio | Cross-site Scripting vulnerability in Loomio Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment. | 5.4 |
2017-07-24 | CVE-2017-9554 | Synology | Information Exposure vulnerability in Synology Diskstation Manager An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. | 5.3 |
2017-07-28 | CVE-2017-11183 | Glpi Project | Improper Input Validation vulnerability in Glpi-Project Glpi front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. | 4.9 |
2017-07-26 | CVE-2017-11671 | GNU | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in GNU GCC Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. | 4.0 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|