SB17-107: Vulnerability Summary for the Week of April 10, 2017

The Patriot · #1 04-18-2017, 08:20 AM

SB17-107: Vulnerability Summary for the Week of April 10, 2017

04-17-2017 02:56 AM

Original release date: April 17, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

*

High Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoamazon -- fire_osStack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.2017-04-0910.0 CVE-2015-7292
MISCatlassian -- jiraThe JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.2017-04-107.5 CVE-2017-5983
MISC
BID
CONFIRM
CONFIRM
CERT-VNaxis -- axis_communications_firmwareAXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."2017-04-097.8 CVE-2015-8258
EXPLOIT-DBbotan_project -- botanbotan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.2017-04-107.8 CVE-2015-7825
CONFIRM
CONFIRMbotan_project -- botanbotan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.2017-04-107.5 CVE-2015-7826
CONFIRM
CONFIRMbotan_project -- botanThe Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.2017-04-107.5 CVE-2016-6878
CONFIRMcisco -- aironet_access_pointA vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1).2017-04-077.2 CVE-2016-9196
BID
CONFIRMcisco -- firepower_extensible_operating_systemA vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115).2017-04-077.2 CVE-2017-6597
BID
CONFIRMcisco -- firepower_extensible_operating_systemA vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69).2017-04-077.2 CVE-2017-6598
BID
CONFIRMcisco -- firepower_extensible_operating_systemA vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136.2017-04-077.2 CVE-2017-6600
BID
CONFIRMcisco -- firepower_management_centerA vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1.2017-04-077.1 CVE-2017-3885
BID
CONFIRMcisco -- mobility_services_engineA vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).2017-04-077.2 CVE-2016-9197
BID
CONFIRMcloudviewnms -- cloudview_nmsCloudView NMS before 2.10a has a format string issue exploitable over SNMP.2017-04-097.5 CVE-2016-5074
MISCdataprobe -- ibootbar_firmwareDataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.2017-04-077.5 CVE-2007-6759
MISCdataprobe -- ibootbar_firmwareDataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.2017-04-077.5 CVE-2007-6760
MISCdell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.2017-04-097.5 CVE-2015-7271
MISC
BIDdell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input.2017-04-097.5 CVE-2015-7272
MISC
BIDdell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.2017-04-097.5 CVE-2015-7273
MISCgnu -- binutilselflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.2017-04-097.5 CVE-2017-7614
MISCgoogle -- androidA remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588.2017-04-079.3 CVE-2017-0538
BID
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300.2017-04-079.3 CVE-2017-0539
BID
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031.2017-04-079.3 CVE-2017-0540
BID
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018.2017-04-079.3 CVE-2017-0541
BID
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721.2017-04-079.3 CVE-2017-0542
BID
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866.2017-04-079.3 CVE-2017-0543
BID
CONFIRM
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879.2017-04-079.3 CVE-2017-0544
BID
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350.2017-04-079.3 CVE-2017-0545
BID
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763.2017-04-079.3 CVE-2017-0546
BID
CONFIRMgoogle -- androidA remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605.2017-04-077.1 CVE-2017-0548
BID
CONFIRMgoogle -- androidA remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818508.2017-04-077.1 CVE-2017-0549
BID
CONFIRM
CONFIRMgoogle -- androidA remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140.2017-04-077.1 CVE-2017-0550
BID
CONFIRM
CONFIRMgoogle -- androidA remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097231.2017-04-077.1 CVE-2017-0551
BID
CONFIRM
CONFIRM
CONFIRMgoogle -- androidA remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915.2017-04-077.1 CVE-2017-0552
BID
CONFIRM
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065.2017-04-077.6 CVE-2017-0553
BID
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202425. References: M-ALPS02898189.2017-04-079.3 CVE-2017-0562
BID
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175904. References: M-ALPS02696516.2017-04-077.6 CVE-2017-0565
BID
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367.2017-04-077.6 CVE-2017-0566
BID
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406.2017-04-077.6 CVE-2017-0578
BID
CONFIRMgynoii -- gcw-1010Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.2017-04-0910.0 CVE-2015-2881
MISCibaby -- m3s_baby_monitor_firmwareiBaby M3S has a password of admin for the backdoor admin account.2017-04-0910.0 CVE-2015-2887
MISClens_laboratories -- peek-a-view_firmwareLens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.2017-04-0910.0 CVE-2015-2885
MISClinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067.2017-04-077.6 CVE-2017-0454
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.2017-04-077.6 CVE-2017-0462
CONFIRMlinux -- linux_kernelA remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.2017-04-0710.0 CVE-2017-0561
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409.2017-04-079.3 CVE-2017-0563
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203.2017-04-079.3 CVE-2017-0564
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575.2017-04-077.6 CVE-2017-0567
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600.2017-04-077.6 CVE-2017-0568
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666.2017-04-077.6 CVE-2017-0569
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199963. References: B-RB#110688.2017-04-077.6 CVE-2017-0570
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34203305. References: B-RB#111541.2017-04-077.6 CVE-2017-0571
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34198931. References: B-RB#112597.2017-04-077.6 CVE-2017-0572
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34469904. References: B-RB#91539.2017-04-077.6 CVE-2017-0573
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34624457. References: B-RB#113189.2017-04-077.6 CVE-2017-0574
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099.2017-04-077.6 CVE-2017-0575
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089.2017-04-077.6 CVE-2017-0576
BID
MISC
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951.2017-04-077.6 CVE-2017-0577
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406.2017-04-077.6 CVE-2017-0579
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986.2017-04-077.6 CVE-2017-0580
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485.2017-04-077.6 CVE-2017-0581
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836.2017-04-077.6 CVE-2017-0582
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32068683. References: QC-CR#1103788.2017-04-077.6 CVE-2017-0583
BID
CONFIRMlinux -- linux_kernelcrypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.2017-04-107.8 CVE-2017-7618
MISC
BIDnews_system_project -- news_systemSQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.2017-04-077.5 CVE-2017-7581
MISCninka_project -- ninkaNinka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename.2017-04-107.5 CVE-2017-7239
MLIST
BID
CONFIRMosram -- lightify_homeOSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.2017-04-097.5 CVE-2016-5053
MISCphilips -- in.sight_b120\37Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.2017-04-0910.0 CVE-2015-2882
MISCproxygen_project -- proxygenThe SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.2017-04-097.5 CVE-2015-7264
MISCschneider-electric -- conext_combox_865-1058_firmwareAn issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.2017-04-077.8 CVE-2017-6019
CONFIRM
BID
MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.2017-04-097.5 CVE-2016-5065
MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.2017-04-0910.0 CVE-2016-5066
MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.2017-04-099.0 CVE-2016-5067
MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.2017-04-097.5 CVE-2016-5068
MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.2017-04-097.5 CVE-2016-5069
MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.2017-04-0910.0 CVE-2016-5071
MISCsophos -- cyberoam_cr25ing_utm_firmwareSophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.2017-04-079.0 CVE-2016-7786
MISCsummer_infant -- baby_zoom_wifi_monitor_firmwareSummer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.2017-04-097.5 CVE-2015-2888
MISCtrendnet -- tv-ip743sicTRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.2017-04-099.0 CVE-2015-2880
MISCvertivco -- liebert_multilink_automated_shutdownLiebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.2017-04-097.2 CVE-2015-7260
MISC Back to top
*

Medium Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- igniteApache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.2017-04-074.3 CVE-2016-6805
CONFIRM
BIDatlassian -- bitbucketAtlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.2017-04-094.0 CVE-2016-4320
BID
MISCatlassian -- jiraAtlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.2017-04-096.8 CVE-2016-4319
BID
MISCaxis -- axis_communications_firmwareAXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.2017-04-096.8 CVE-2015-8255
EXPLOIT-DBbotan_project -- botanbotan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.2017-04-105.0 CVE-2015-7824
CONFIRM
CONFIRMbotan_project -- botanThe X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.2017-04-105.0 CVE-2016-6879
CONFIRMcastle_rock_computing -- snmpcCastle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP.2017-04-094.3 CVE-2015-6027
MISCcastle_rock_computing -- snmpcCastle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.2017-04-096.5 CVE-2015-6028
MISCcesanta -- mongoose_osUse-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.2017-04-105.0 CVE-2017-7185
BUGTRAQ
BID
CONFIRM
CONFIRM
MISCcisco -- asr_900_series_firmwareA vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP.2017-04-076.1 CVE-2017-6603
BID
CONFIRMcisco -- firepower_threat_defenseA vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2.2017-04-074.3 CVE-2017-3887
BID
CONFIRMcisco -- ios_xeA vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E.2017-04-076.9 CVE-2017-6606
BID
CONFIRMcisco -- ios_xrA vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco IOS XR Software with gRPC enabled. More Information: CSCvb14433. Known Affected Releases: 6.1.1.BASE 6.2.1.BASE. Known Fixed Releases: 6.2.1.22i.MGBL 6.1.22.9i.MGBL 6.1.21.12i.MGBL 6.1.2.13i.MGBL.2017-04-075.0 CVE-2017-6599
BID
CONFIRMcisco -- prime_infrastructureA vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0).2017-04-074.3 CVE-2017-3848
BID
CONFIRMcisco -- prime_infrastructureA vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).2017-04-074.0 CVE-2017-3884
BID
CONFIRMcisco -- registered_envelope_serviceA vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015.2017-04-075.8 CVE-2017-3889
BID
CONFIRMcisco -- unified_communications_managerA vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).2017-04-074.0 CVE-2017-3886
BID
CONFIRMcisco -- unified_computing_systemA vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B.2017-04-075.8 CVE-2017-6604
BID
CONFIRMcisco -- unified_computing_system_directorA vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.5(0.1) 6.0(0.0).2017-04-074.0 CVE-2017-3817
BID
CONFIRMcisco -- wireless_lan_controllerA vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3).2017-04-075.0 CVE-2016-9195
BID
CONFIRMcloudera -- cdhImpala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.2017-04-105.0 CVE-2016-6605
CONFIRMcloudviewnms -- cloudview_nmsCloudView NMS before 2.10a has XSS via SNMP.2017-04-094.3 CVE-2016-5073
MISCcloudviewnms -- cloudview_nmsCloudView NMS before 2.10a has XSS via a TELNET login.2017-04-094.3 CVE-2016-5075
MISCcloudviewnms -- cloudview_nmsCloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def.2017-04-095.0 CVE-2016-5076
MISCdell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.2017-04-094.6 CVE-2015-7270
MISC
BIDdell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.2017-04-096.5 CVE-2015-7274
MISC
BID
BIDdell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.2017-04-094.3 CVE-2015-7275
MISC
BIDdlink -- dwr-116_firmwareDirectory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.2017-04-105.0 CVE-2017-6190
BID
MISCelfutils_project -- elfutilsThe handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3 CVE-2017-7607
MISCelfutils_project -- elfutilsThe ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3 CVE-2017-7608
MISCelfutils_project -- elfutilself_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.2017-04-094.3 CVE-2017-7609
MISCelfutils_project -- elfutilsThe check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3 CVE-2017-7610
MISCelfutils_project -- elfutilsThe check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3 CVE-2017-7611
MISCelfutils_project -- elfutilsThe check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3 CVE-2017-7612
MISCelfutils_project -- elfutilselflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.2017-04-094.3 CVE-2017-7613
MISCeparaksts -- eparakstitajs_3LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files.2017-04-094.3 CVE-2015-8275
MISCeparaksts -- eparakstitajs_3LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files.2017-04-094.3 CVE-2015-8276
MISCfoxitsoftware -- foxit_pdf_toolkitMemory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.2017-04-076.8 CVE-2017-7584
BID
CONFIRMgoogle -- androidAn information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560.2017-04-074.3 CVE-2017-0547
BID
CONFIRM
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946.2017-04-076.8 CVE-2017-0554
BID
CONFIRMgoogle -- androidAn information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775.2017-04-074.3 CVE-2017-0555
BID
CONFIRM
CONFIRMgoogle -- androidAn information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952.2017-04-074.3 CVE-2017-0556
BID
CONFIRM
CONFIRMgoogle -- androidAn information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073.2017-04-074.3 CVE-2017-0557
BID
CONFIRM
CONFIRMgoogle -- androidAn information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274.2017-04-074.3 CVE-2017-0558
BID
CONFIRM
CONFIRMgoogle -- androidAn information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722.2017-04-074.3 CVE-2017-0559
BID
CONFIRMgoogle -- androidAn information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079.2017-04-074.3 CVE-2017-0560
BID
CONFIRMibaby -- m6_baby_monitor_firmwareiBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service.2017-04-095.0 CVE-2015-2886
MISCilias_project -- iliasILIAS before 5.2.3 has XSS via SVG documents.2017-04-074.3 CVE-2017-7583
CONFIRM
CONFIRM
CONFIRMimagemagick -- imagemagickcoders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-094.3 CVE-2017-7606
MISCimagemagick -- imagemagickIn ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.2017-04-105.0 CVE-2017-7619
CONFIRMimageworsener_project -- imageworsenerThe iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.2017-04-104.3 CVE-2017-7623
BID
CONFIRMimageworsener_project -- imageworsenerThe iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.2017-04-104.3 CVE-2017-7624
BID
CONFIRMjive_software -- jiveJive before 2016.3.1 has an open redirect from the external-link.jspa page.2017-04-095.8 CVE-2016-4334
MISCkeepassx_project -- keepassxIn KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.2017-04-105.0 CVE-2015-8378
CONFIRM
CONFIRMlibaacplus_project -- libaacplusau_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.2017-04-096.8 CVE-2017-7603
MISClibaacplus_project -- libaacplusau_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.2017-04-096.8 CVE-2017-7604
MISClibaacplus_project -- libaacplusaacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.2017-04-096.8 CVE-2017-7605
MISClibming -- libmingMultiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831.2017-04-076.8 CVE-2017-7578
CONFIRMlibsndfile_project -- libsndfileIn libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.2017-04-074.3 CVE-2017-7585
CONFIRM
CONFIRM
CONFIRM
MISClibsndfile_project -- libsndfileIn libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.2017-04-074.3 CVE-2017-7586
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRMlibtiff -- libtiffThe putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8 CVE-2017-7592
MISC
BIDlibtiff -- libtifftif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.2017-04-094.3 CVE-2017-7593
MISC
BIDlibtiff -- libtiffThe OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.2017-04-094.3 CVE-2017-7594
MISC
BIDlibtiff -- libtiffThe JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.2017-04-094.3 CVE-2017-7595
MISClibtiff -- libtiffLibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8 CVE-2017-7596
BID
MISClibtiff -- libtifftif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8 CVE-2017-7597
BID
MISClibtiff -- libtifftif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.2017-04-094.3 CVE-2017-7598
BID
MISClibtiff -- libtiffLibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8 CVE-2017-7599
BID
BID
MISClibtiff -- libtiffLibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8 CVE-2017-7600
MISClibtiff -- libtiffLibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8 CVE-2017-7601
BID
MISClibtiff -- libtiffLibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8 CVE-2017-7602
BID
MISCnetapp -- clustered_data_ontapNetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.2017-04-105.0 CVE-2017-5988
CONFIRMnetikus -- eventsentryNetikus EventSentry before 3.2.1.44 has XSS via SNMP.2017-04-094.3 CVE-2016-5077
MISCopencv -- opencvOpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.2017-04-096.8 CVE-2016-1516
MISC
MISCopencv -- opencvOpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.2017-04-094.3 CVE-2016-1517
MISC
MISCopenidm_project -- openidmIn OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js.2017-04-084.0 CVE-2017-7589
MISC
CONFIRMopenidm_project -- openidmOpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.2017-04-084.3 CVE-2017-7590
MISC
CONFIRMopenidm_project -- openidmOpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/.2017-04-084.3 CVE-2017-7591
MISC
CONFIRMopmantek -- network_management_information_systemOpmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.2017-04-096.0 CVE-2016-6534
MISCopsview -- opsviewOpsview before 2015-11-06 has XSS via SNMP.2017-04-094.3 CVE-2015-6035
MISCosram -- lightify_homeOSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application.2017-04-095.0 CVE-2016-5051
MISCosram -- lightify_homeOSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning.2017-04-095.0 CVE-2016-5052
MISCosram -- lightify_homeOSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay.2017-04-095.0 CVE-2016-5054
MISCosram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page.2017-04-094.3 CVE-2016-5055
MISCosram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.2017-04-095.0 CVE-2016-5056
MISCosram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.2017-04-095.0 CVE-2016-5057
MISCosram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.2017-04-095.0 CVE-2016-5058
MISCosram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application.2017-04-094.0 CVE-2016-5059
MISCoxidforge -- oxid_eshopOXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.2017-04-096.5 CVE-2016-5072
MISCpaessler -- prtgPaessler PRTG before 16.2.24.4045 has XSS via SNMP.2017-04-094.3 CVE-2016-5078
MISCphilips -- in.sight_b120\37Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi.2017-04-095.0 CVE-2015-2884
MISCphpmyfaq -- phpmyfaqinc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.2017-04-074.3 CVE-2017-7579
CONFIRM
CONFIRMpivotx -- pivotxPivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.2017-04-076.5 CVE-2017-7570
MISCproxygen_project -- proxygenThe SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.2017-04-095.0 CVE-2015-7263
MISCproxygen_project -- proxygenFacebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.2017-04-095.0 CVE-2015-7265
MISCsap -- netweaverThe SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788.2017-04-104.0 CVE-2016-10304
MISCsap -- sql_anywhereBuffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778.2017-04-104.0 CVE-2016-10310
BID
MISCschneider-electric -- interactive_graphical_scada_systemA DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path.2017-04-076.8 CVE-2017-6033
CONFIRM
BID
MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.2017-04-095.0 CVE-2016-5070
MISCspiceworks -- desktopSpiceworks Desktop before 2015-12-01 has XSS via an SNMP response.2017-04-094.3 CVE-2015-6021
MISCsummer_infant -- baby_zoom_wifi_monitor_firmwareSummer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL.2017-04-096.5 CVE-2015-2889
MISCswagger_project -- swagger-uiSwagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.2017-04-094.3 CVE-2016-5682
MISCvisioncritical -- vision_criticalVision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files.2017-04-095.0 CVE-2014-2960
MISCweb2py -- web2pyweb2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.2017-04-105.0 CVE-2016-10321
CONFIRM
CONFIRMxiongmai_technologies -- uc-httpdXiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.2017-04-075.0 CVE-2017-7577
MISC Back to top
*

Low Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- apple_musicThe Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-072.9 CVE-2017-2387
MISC
BID
CONFIRMatlassian -- confluenceAtlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.2017-04-093.5 CVE-2016-4317
BID
MISCatlassian -- jiraAtlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.2017-04-093.5 CVE-2016-4318
BID
MISCcisco -- firepower_extensible_operating_systemA vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1647).2017-04-073.6 CVE-2017-6601
BID
CONFIRMcisco -- firepower_extensible_operating_systemA vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138).2017-04-073.6 CVE-2017-6602
BID
CONFIRMcisco -- unified_communications_managerA vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).2017-04-073.5 CVE-2017-3888
BID
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731.2017-04-072.6 CVE-2017-0584
BID
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953.2017-04-072.6 CVE-2017-0585
BID
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569.2017-04-072.6 CVE-2017-0586
BID
CONFIRMlinux -- linux_kernelIncorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.2017-04-102.1 CVE-2017-7616
CONFIRM
BID
CONFIRMopmantek -- network_management_information_systemOpmantek NMIS before 8.5.12G has XSS via SNMP.2017-04-093.5 CVE-2016-5642
MISCphilips -- in.sight_b120\37Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php.2017-04-093.5 CVE-2015-2883
MISC Back to top
*

Severity Not Yet Assigned

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- acrobat_flash_playerAdobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3058
BID
CONFIRMadobe -- acrobat_flash_playerAdobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3063
BID
CONFIRMadobe -- acrobat_flash_player
*Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3062
BID
CONFIRMadobe -- acrobat_flash_player
*Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3060
BID
CONFIRMadobe -- acrobat_flash_player
*Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3061
BID
CONFIRMadobe -- acrobat_flash_player
*Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3059
BID
CONFIRMadobe -- acrobat_flash_player
*Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3064
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 code-stream tile functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3023
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) format parser. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3019
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin.2017-04-12not yet calculatedCVE-2017-3012
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when manipulating PDF annotations. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3024
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the renderer functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3018
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3026
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of JPEG files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3051
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging.2017-04-12not yet calculatedCVE-2017-3013
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the weblink module.2017-04-12not yet calculatedCVE-2017-3020
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine.2017-04-12not yet calculatedCVE-2017-3021
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file.2017-04-12not yet calculatedCVE-2017-3022
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the CCITT fax PDF filter. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3011
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3057
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the AES module. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3030
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal scan line representation in TIFF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3048
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.2017-04-12not yet calculatedCVE-2017-3032
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture (XFA) related to reset form functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3014
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string manipulation. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3056
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image scaling. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3044
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to manipulation of EMF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3054
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 parsing functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3015
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3017
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of GIF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3050
BID
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3025
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3027
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion module, related to processing of TIFF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3028
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream.2017-04-12not yet calculatedCVE-2017-3029
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data.2017-04-12not yet calculatedCVE-2017-3033
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine.2017-04-12not yet calculatedCVE-2017-3031
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3035
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) stream data. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3038
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the font manipulation functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3065
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX (picture exchange) file format. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3036
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3037
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3034
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the PPKLite security handler. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3039
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3041
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in image conversion, related to parsing offsets in TIFF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3042
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 image compression module. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3040
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to the palette box.2017-04-12not yet calculatedCVE-2017-3045
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to contiguous code-stream parsing.2017-04-12not yet calculatedCVE-2017-3046
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality.2017-04-12not yet calculatedCVE-2017-3043
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal tile manipulation in TIFF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3049
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of EMF - enhanced meta file format.2017-04-12not yet calculatedCVE-2017-3052
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of the APP13 segment in JPEG files.2017-04-12not yet calculatedCVE-2017-3053
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine's annotation-related API. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3047
BID
CONFIRMadobe -- acrobat_reader
*Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in JPEG 2000 parsing of the fragment list tag. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3055
BID
CONFIRMadobe -- campaignAdobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database.2017-04-12not yet calculatedCVE-2017-2989
BID
CONFIRMadobe -- photoshop_ccAdobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have a memory corruption vulnerability when parsing malicious PCX files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3004
BID
CONFIRMadobe -- photoshop_cc
*Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability.2017-04-12not yet calculatedCVE-2017-3005
BID
CONFIRMadobe -- thorAdobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.2017-04-12not yet calculatedCVE-2017-3006
BID
CONFIRMadobe -- thorAdobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications.2017-04-12not yet calculatedCVE-2017-3007
BID
CONFIRMapache -- tomcatBuffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.2017-04-12not yet calculatedCVE-2016-6808
MISC
REDHAT
FULLDISC
CONFIRM
MLIST
BID
SECTRACK
REDHAT
REDHATapache -- tomee
*The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.2017-04-11not yet calculatedCVE-2016-0779
MISC
MLIST
CONFIRM
BUGTRAQ
BID
MISCapple -- ios_shoplat_applicationShoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.2017-04-13not yet calculatedCVE-2016-1132
JVN
JVNDBapple -- mac_os_x
*Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges.2017-04-13not yet calculatedCVE-2010-1821
APPLEapple -- mac_os_x
*Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image.2017-04-13not yet calculatedCVE-2010-1816
APPLEappleple -- a-blog_cmsCross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.2017-04-12not yet calculatedCVE-2016-1179
JVN
JVNDB
CONFIRMappleple -- a-blog_cmsThe session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.2017-04-12not yet calculatedCVE-2016-1178
JVN
JVNDB
CONFIRMasterisk -- asterisk
*Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.2017-04-10not yet calculatedCVE-2017-7617
CONFIRM
BID
CONFIRMatutor -- atutorSQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.2017-04-13not yet calculatedCVE-2016-2555
MISC
MISC
CONFIRM
CONFIRMauromeera -- emli
*Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/home.php. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0.2017-04-11not yet calculatedCVE-2017-7621
MISCbigtree_cms -- bigtree_cms
*Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.2017-04-11not yet calculatedCVE-2017-7695
MISC
MISC
MISCbigtree_cms -- bigtree_cms
*BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14.2017-04-15not yet calculatedCVE-2017-7881
MISC
MISCbitrix -- bitrix
*Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php.2017-04-14not yet calculatedCVE-2015-8356
MISC
BUGTRAQ
MISCblackberry -- blackberry_enterprise_serverMultiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp.2017-04-13not yet calculatedCVE-2016-1915
FULLDISC
MISC
CONFIRMblackberry -- blackberry_enterprise_serverMultiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.2017-04-13not yet calculatedCVE-2016-1914
FULLDISC
MISC
CONFIRMblue_coat -- sslv
*Blue Coat SSL Visibility (SSLV) 3.x before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connection pool of an SSL server.2017-04-11not yet calculatedCVE-2016-10259
BID
CONFIRMbrother -- multiple_devices
*On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W.2017-04-12not yet calculatedCVE-2017-7588
MISCcandlepin_project -- candlepinThe Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.2017-04-14not yet calculatedCVE-2016-4455
REDHAT
REDHAT
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRMcitrix -- netscaler_gateway
*A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.2017-04-13not yet calculatedCVE-2017-7219
BID
CONFIRMconcrete5 -- concrete5
*concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector.2017-04-13not yet calculatedCVE-2017-7725
MISC
MISC
MISCdde -- dde
*dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon.2017-04-10not yet calculatedCVE-2017-7622
MISCdebian -- inspircd
*Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.2017-04-13not yet calculatedCVE-2015-6674
DEBIAN
CONFIRM
GENTOOeclipse -- jettyThe path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.2017-04-13not yet calculatedCVE-2016-4800
MLIST
MISC
BID
MISCember.js -- ember.js
*Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.2017-04-13not yet calculatedCVE-2015-7565
CONFIRM
CONFIRMeyesofnetwork -- eyesofnetwork
*Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter in module/monitoring_ged/ged_functions.php or the (5) type parameter in monitoring_ged/ajax.php.2017-04-11not yet calculatedCVE-2017-6088
MLIST
BIDf5 -- big-ip_apmThe TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.2017-04-11not yet calculatedCVE-2016-7467
BID
CONFIRMfeh -- feh
*In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.2017-04-14not yet calculatedCVE-2017-7875
CONFIRM
CONFIRMffmpeg -- ffmpeg
*FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.2017-04-14not yet calculatedCVE-2017-7863
MISC
MISCffmpeg -- ffmpeg
*FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.2017-04-14not yet calculatedCVE-2017-7866
MISC
MISCffmpeg -- ffmpeg
*FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.2017-04-14not yet calculatedCVE-2017-7865
MISC
MISCffmpeg -- ffmpeg
*FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.2017-04-14not yet calculatedCVE-2017-7862
MISC
MISCffmpeg -- ffmpeg
*FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.2017-04-14not yet calculatedCVE-2017-7859
MISCfirejail -- firejail
*Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10121
MLIST
MLISTfirejail -- firejail
*Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10123
MLIST
MLISTfirejail -- firejail
*Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /.2017-04-13not yet calculatedCVE-2016-10118
MLIST
MLISTfirejail -- firejail
*Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10120
MLIST
MLISTfirejail -- firejail
*Firejail does not properly clean environment variables, which allows local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10122
MLIST
MLISTfirejail -- firejail
*Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc.2017-04-13not yet calculatedCVE-2016-10117
MLIST
MLISTfirejail -- firejail
*Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10119
MLIST
MLISTfiyo_cms -- fiyo_cms
*In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.2017-04-10not yet calculatedCVE-2017-7625
BID
MISCflatcore -- flatcore_cms
*CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.2017-04-14not yet calculatedCVE-2017-7877
CONFIRMflatcore -- flatcore_cms
*SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.2017-04-14not yet calculatedCVE-2017-7879
CONFIRMflatcore -- flatcore_cms
*SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.2017-04-14not yet calculatedCVE-2017-7878
CONFIRMfortimail -- fortimail
*An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker.2017-04-12not yet calculatedCVE-2017-3125
CONFIRM
BIDfoscam -- foscam_networked_devices
*Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.2017-04-10not yet calculatedCVE-2017-7648
MISCfreetype -- freetype_2
*FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.2017-04-14not yet calculatedCVE-2017-7858
MISC
MISCfreetype -- freetype_2
*FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.2017-04-14not yet calculatedCVE-2017-7857
MISC
MISCfreetype -- freetype_2
*FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.2017-04-14not yet calculatedCVE-2017-7864
MISC
MISCfreetype_project -- freetype_2FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.2017-04-14not yet calculatedCVE-2016-10328
MISC
MISC
MISCgame-music-emu -- game-music-emugame-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.2017-04-12not yet calculatedCVE-2016-9958
SUSE
SUSE
MLIST
BID
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
MISCgame-music-emu -- game-music-emuStack-based buffer overflow in game-music-emu before 0.6.1.2017-04-12not yet calculatedCVE-2016-9957
SUSE
SUSE
MLIST
BID
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
MISCgame-music-emu -- game-music-emugame-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.2017-04-12not yet calculatedCVE-2016-9959
SUSE
SUSE
MLIST
BID
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
MISCghostscript -- ghostscript
*The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.2017-04-14not yet calculatedCVE-2016-8602
CONFIRM
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRMgnu -- a2ps
*Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.2017-04-13not yet calculatedCVE-2015-8107
MLIST
BIDgnutls -- gnutls
*GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.2017-04-14not yet calculatedCVE-2017-7869
MISC
MISC
CONFIRMgoogle -- androidmediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.2017-04-13not yet calculatedCVE-2014-7921
CONFIRM
CONFIRMgoogle -- androidmediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.2017-04-13not yet calculatedCVE-2014-7920
CONFIRM
CONFIRMgoogle -- androidHTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.2017-04-13not yet calculatedCVE-2016-1155
MISC
JVNgoogle -- android_kernelDrivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.2017-04-12not yet calculatedCVE-2016-5856
SECTRACK
CONFIRM
CONFIRMgoogle -- chromeA use-after-free in AnimationController::endAnimationUpdate in Google Chrome.2017-04-11not yet calculatedCVE-2013-6647
CONFIRMgoogle -- chromeGoogle Chrome caches TLS sessions before certificate validation occurs.2017-04-13not yet calculatedCVE-2013-6662
CONFIRMgoogle -- grpcGoogle gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.2017-04-14not yet calculatedCVE-2017-7861
MISC
MISCgoogle -- grpcGoogle gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.2017-04-14not yet calculatedCVE-2017-7860
MISC
MISChipchat -- server
*Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.2017-04-14not yet calculatedCVE-2017-7357
BUGTRAQ
CONFIRM
CONFIRMhuawei -- p7
*Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver.2017-04-13not yet calculatedCVE-2015-7740
CONFIRMhuawei -- p7
*Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver.2017-04-13not yet calculatedCVE-2015-8223
CONFIRMi-o_data -- rock_disk
*Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713.2017-04-13not yet calculatedCVE-2014-3887
CONFIRM
JVNibm -- financial_transition_managerIBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.2017-04-14not yet calculatedCVE-2017-1152
CONFIRMibm -- platform_lsfIBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741.2017-04-14not yet calculatedCVE-2017-1205
MISCibm -- tivoliIBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540.2017-04-14not yet calculatedCVE-2016-8927
CONFIRMibm -- tivoli
*IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539.2017-04-14not yet calculatedCVE-2016-8926
CONFIRMibm -- tivoli
*IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538.2017-04-14not yet calculatedCVE-2016-8925
CONFIRMicu_project -- icu
*International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.2017-04-14not yet calculatedCVE-2017-7867
MISC
MISCicu_project -- icu
*International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.2017-04-14not yet calculatedCVE-2017-7868
MISC
MISCimagemagick -- imagemagick
*coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.2017-04-11not yet calculatedCVE-2014-9837
MISC
MLIST
CONFIRMimagemagick -- imagemagick
*The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).2017-04-11not yet calculatedCVE-2014-8716
MISC
BID
CONFIRMimagemagick -- imagemagick
*The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.2017-04-11not yet calculatedCVE-2014-8354
MISC
BID
CONFIRM
MISCimagemagick -- imagemagick
*DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).2017-04-11not yet calculatedCVE-2014-8562
BID
CONFIRM
MISC
MISCimagemagick -- imagemagick
*PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).2017-04-11not yet calculatedCVE-2014-8355
MISC
BID
CONFIRM
MISCinspircd -- inspircd
*InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop).2017-04-13not yet calculatedCVE-2012-6697
DEBIAN
CONFIRM
CONFIRM
GENTOOintellinet_network -- nfc-30ir_IP_camera
*Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.2017-04-11not yet calculatedCVE-2017-7461
EXPLOIT-DBintellinet_network -- nfc-30ir_IP_camera
*Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.2017-04-11not yet calculatedCVE-2017-7462
EXPLOIT-DBivywe -- ivyweMultiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-14not yet calculatedCVE-2016-4875
JVN
JVNDB
BID
CONFIRM
CONFIRMjackson-dataformat-xml -- jackson-dataformat-xmlXmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.2017-04-14not yet calculatedCVE-2016-7051
CONFIRMjoomla -- joomla
*The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).2017-04-12not yet calculatedCVE-2017-7628
MISC
MISC
MISCjoomla -- joomla
*The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).2017-04-12not yet calculatedCVE-2017-7626
MISC
MISC
MISCjoomla -- joomla
*The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).2017-04-12not yet calculatedCVE-2017-7627
MISC
MISCkancolleviewer -- kancolleviewer
*KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic.2017-04-13not yet calculatedCVE-2015-2947
CONFIRM
JVNkony -- enterprise_mobile_management
*Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request.2017-04-11not yet calculatedCVE-2017-5672
MISCktools.net -- photostoreSQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.2017-04-12not yet calculatedCVE-2016-4337
MISC
EXPLOIT-DBlenovo_group -- lenovo_customer_care_software_development_ kit
*Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.2017-04-10not yet calculatedCVE-2016-8235
BID
CONFIRMlenovo_group -- lenovo_updates
*Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.2017-04-10not yet calculatedCVE-2016-8237
BID
CONFIRMlibdwarf -- libdwarf
*dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.2017-04-10not yet calculatedCVE-2016-5041
MLIST
MLIST
CONFIRMlibreoffice_project -- libreofficeLibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.2017-04-14not yet calculatedCVE-2016-10327
MISC
MISClibreoffice_project -- libreoffice
*LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.2017-04-14not yet calculatedCVE-2017-7856
MISC
MISClibreoffice_project -- libreoffice
*LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.2017-04-15not yet calculatedCVE-2017-7882
MISC
MISClibreoffice_project -- libreoffice
*LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.2017-04-14not yet calculatedCVE-2017-7870
MISC
MISClibsamplerate -- libsamplerate
*In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.2017-04-11not yet calculatedCVE-2017-7697
BID
CONFIRMlibsndfile -- libsndfile
*In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.2017-04-12not yet calculatedCVE-2017-7741
MISC
MISClibsndfile -- libsndfile
*In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.2017-04-12not yet calculatedCVE-2017-7742
MISC
MISClibtiff -- libtiffThe setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.2017-04-11not yet calculatedCVE-2016-5322
DEBIAN
MLIST
BID
BID
CONFIRM
GENTOOlibxml2 -- libxml2The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.2017-04-11not yet calculatedCVE-2016-4483
DEBIAN
MLIST
MLIST
MLIST
MLIST
CONFIRM
BID
CONFIRM
CONFIRMlinux -- linux_kernel
*udevd in udev 232, when the Linux kernel 4.8.0 is used, does not properly verify the source of a Netlink message, which allows local users to execute arbitrary commands by leveraging access to the NETLINK_KOBJECT_UEVENT family, and the presence of the /lib/udev/rules.d/50-udev-default.rules file, to provide a crafted REMOVE_CMD value.2017-04-15not yet calculatedCVE-2017-7874
MISClinux -- linux_kernel
*The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.2017-04-11not yet calculatedCVE-2016-5011
REDHAT
CONFIRM
CONFIRM
MLIST
BID
SECTRACK
CONFIRMmicrosoft -- .net_frameworkMicrosoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."2017-04-12not yet calculatedCVE-2017-0160
BID
CONFIRMmicrosoft -- edgeAn information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0208
BID
CONFIRMmicrosoft -- edgeA remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0201.2017-04-12not yet calculatedCVE-2017-0093
BID
CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0200
BID
CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0205
BID
CONFIRMmicrosoft -- edge
*A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass Vulnerability."2017-04-12not yet calculatedCVE-2017-0203
BID
CONFIRMmicrosoft -- excelMicrosoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0195
BID
CONFIRMmicrosoft -- excelMicrosoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0194
BID
CONFIRMmicrosoft -- internet_explorerA remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0093.2017-04-12not yet calculatedCVE-2017-0201
BID
CONFIRMmicrosoft -- internet_explorerAn elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0210
BID
CONFIRMmicrosoft -- internet_explorer
*A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0202
BID
CONFIRMmicrosoft -- officeMicrosoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."2017-04-12not yet calculatedCVE-2017-0199
BID
MISC
CONFIRM
MISCmicrosoft -- onenote
*Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."2017-04-12not yet calculatedCVE-2017-0197
BID
CONFIRMmicrosoft -- outlookMicrosoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0106
BID
CONFIRMmicrosoft -- outlookMicrosoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."2017-04-12not yet calculatedCVE-2017-0204
BID
CONFIRMmicrosoft -- outlook
*Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability."2017-04-12not yet calculatedCVE-2017-0207
BID
CONFIRMmicrosoft -- windowsThe Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Graphics Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0155
BID
CONFIRMmicrosoft -- windowsA Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0058
BID
CONFIRMmicrosoft -- windowsA denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability."2017-04-12not yet calculatedCVE-2017-0191
BID
CONFIRMmicrosoft -- windowsAn information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. "Windows Kernel Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0167
BID
CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists in Windows 10 when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0188.2017-04-12not yet calculatedCVE-2017-0189
BID
CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0156
BID
CONFIRMmicrosoft -- windowsA Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0189.2017-04-12not yet calculatedCVE-2017-0188
BID
CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0158
BID
CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0211
BID
CONFIRMmicrosoft -- windowsA denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."2017-04-12not yet calculatedCVE-2017-0164
BID
CONFIRMmicrosoft -- windowsThe Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold , 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka "ATMFD.dll Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0192
BID
CONFIRMmicrosoft -- windowsA security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."2017-04-12not yet calculatedCVE-2017-0159
BID
CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0166
BID
CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Windows Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0165
BID
CONFIRMmicrosoft -- windows_hyper-vA denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0184
BID
CONFIRMmicrosoft -- windows_hyper-vAn information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0168.2017-04-12not yet calculatedCVE-2017-0169
BID
CONFIRMmicrosoft -- windows_hyper-vA denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0179
BID
CONFIRMmicrosoft -- windows_hyper-vA denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0178
BID
CONFIRMmicrosoft -- windows_hyper-v_network_switchA denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0183
BID
CONFIRMmicrosoft -- windows_hyper-v_network_switchAn information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0169.2017-04-12not yet calculatedCVE-2017-0168
BID
CONFIRMmicrosoft -- windows_hyper-v_network_switchA remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181.2017-04-12not yet calculatedCVE-2017-0163
BID
CONFIRMmicrosoft -- windows_hyper-v_network_switchA remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0163, CVE-2017-0180, and CVE-2017-0181.2017-04-12not yet calculatedCVE-2017-0162
BID
CONFIRMmicrosoft -- windows_hyper-v_network_switch
*A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0182
BID
CONFIRMmicrosoft -- windows_hyper-v_network_switch
*A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185.2017-04-12not yet calculatedCVE-2017-0186
BID
CONFIRMmicrosoft -- windows_hyper-v_network_switch
*A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0185
BID
CONFIRMmicrosoft -- windows_hyper-v_network_switch
*A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0181.2017-04-12not yet calculatedCVE-2017-0180
BID
CONFIRMmicrosoft -- windows_hyper-v_network_switch
*A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180.2017-04-12not yet calculatedCVE-2017-0181
BID
CONFIRMmod_cluster -- mod_clusterStack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.2017-04-12not yet calculatedCVE-2016-4459
REDHAT
REDHAT
REDHAT
REDHAT
BID
REDHAT
REDHAT
CONFIRMmongodb -- mongodmongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.2017-04-14not yet calculatedCVE-2016-3104
BID
CONFIRM
CONFIRMmoxa -- awk-3131a_wireless_access_pointAn exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response.2017-04-13not yet calculatedCVE-2016-8720
MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.2017-04-13not yet calculatedCVE-2016-8725
MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server.2017-04-13not yet calculatedCVE-2016-8726
MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability.2017-04-13not yet calculatedCVE-2016-8723
MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information.2017-04-13not yet calculatedCVE-2016-8724
MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker.2017-04-13not yet calculatedCVE-2016-8727
MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.2017-04-13not yet calculatedCVE-2016-8722
MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request.2017-04-12not yet calculatedCVE-2016-8718
MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim.2017-04-12not yet calculatedCVE-2016-8719
MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials.2017-04-12not yet calculatedCVE-2016-8716
MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.2017-04-13not yet calculatedCVE-2016-8712
MISCmoxa -- mx-aopc_server
*XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.2017-04-14not yet calculatedCVE-2017-7457
MISC
FULLDISCmoxa -- mxview
*Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.2017-04-14not yet calculatedCVE-2017-7455
MISC
MISC
FULLDISCmoxa -- mxview
*Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.2017-04-14not yet calculatedCVE-2017-7456
MISC
FULLDISCmozilla_project -- bugzilla
*Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.2017-04-12not yet calculatedCVE-2016-2803
MISC
BUGTRAQ
SECTRACK
CONFIRMnetapp -- oncommand
*NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.2017-04-10not yet calculatedCVE-2017-7345
BID
CONFIRMnettle -- nettleThe RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.2017-04-14not yet calculatedCVE-2016-6489
REDHAT
MLIST
UBUNTU
CONFIRM
MISC
CONFIRMnetty -- nettyhandler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).2017-04-13not yet calculatedCVE-2016-4970
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRMnovastor -- novabackup_datacenterThe datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.2017-04-13not yet calculatedCVE-2016-4898
CONFIRMnovastor -- novabackup_datacenterThe datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.2017-04-13not yet calculatedCVE-2016-4899
CONFIRMoliver -- oliver
*Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page (index.php) or (2) login form (loginform-inc.php).2017-04-13not yet calculatedCVE-2014-2710
MISC
FULLDISC
BUGTRAQopenssh -- openssh
*The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.2017-04-11not yet calculatedCVE-2016-1908
MLIST
CONFIRM
BID
CONFIRM
CONFIRMopenstack -- nova-lxd
*OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.2017-04-12not yet calculatedCVE-2017-5936
MLIST
BID
UBUNTU
CONFIRM
CONFIRMosip -- osipIn libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.2017-04-13not yet calculatedCVE-2016-10326
CONFIRMosip -- osipIn libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.2017-04-13not yet calculatedCVE-2016-10324
BID
CONFIRMosip -- osipIn libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.2017-04-13not yet calculatedCVE-2016-10325
CONFIRMosip -- osip
*In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.2017-04-13not yet calculatedCVE-2017-7853
CONFIRMpalo_alto_networks -- pan-os
*The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.2017-04-14not yet calculatedCVE-2017-7217
CONFIRMpalo_alto_networks -- pan-os
*The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.2017-04-14not yet calculatedCVE-2017-7218
CONFIRMpalo_alto_networks -- traps_esm_console
*Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license.2017-04-14not yet calculatedCVE-2017-7408
BID
CONFIRM
CONFIRMping_identity --openid-connect
*Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.2017-04-12not yet calculatedCVE-2017-6059
MLIST
BID
CONFIRM
MISC
CONFIRMpivotal -- cloud_foundrySQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2017-04-11not yet calculatedCVE-2016-4468
MLIST
CONFIRMproxifier -- proxifier
*Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.2017-04-14not yet calculatedCVE-2017-7643
FULLDISC
MISCproxifier -- proxifier
*Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.2017-04-14not yet calculatedCVE-2017-7690
MISCpulp -- pulpPulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.2017-04-13not yet calculatedCVE-2016-3106
MLIST
MLIST
CONFIRM
CONFIRMqemu_project -- qemu
*Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.2017-04-11not yet calculatedCVE-2015-8504
CONFIRM
MLIST
BID
CONFIRMqemu_project -- qemu
*Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).2017-04-13not yet calculatedCVE-2015-8567
FEDORA
FEDORA
FEDORA
FEDORA
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
DEBIAN
MLIST
BID
UBUNTU
MLIST
GENTOOqemu_project -- qemu
*The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.2017-04-13not yet calculatedCVE-2015-8345
MLIST
BID
MLISTqemu_project -- qemu
*The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).2017-04-13not yet calculatedCVE-2015-8619
MLIST
BID
MLISTqemu_project -- qemu
*Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.2017-04-11not yet calculatedCVE-2015-8613
MLIST
BID
CONFIRM
MLISTqemu_project -- qemu
*Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.2017-04-11not yet calculatedCVE-2015-8666
CONFIRM
MLIST
BID
CONFIRMqemu_project -- qemu
*The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.2017-04-10not yet calculatedCVE-2017-7377
CONFIRM
MLIST
BID
CONFIRM
MLISTqemu_project -- qemu
*Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.2017-04-11not yet calculatedCVE-2015-8568
MLIST
BID
CONFIRM
MLISTquest -- priviledge_manager
*pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.2017-04-14not yet calculatedCVE-2017-6554
MISC
EXPLOIT-DBradare -- radare2
*The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.2017-04-13not yet calculatedCVE-2017-7854
CONFIRM
CONFIRMradare -- radare2
*The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.2017-04-12not yet calculatedCVE-2017-7716
CONFIRMred_hat -- quickstart_cloud_installerThe web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.2017-04-14not yet calculatedCVE-2016-7060
REDHAT
CONFIRMred_hat -- red_hat_satellite_5Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) or (6) tags.2017-04-13not yet calculatedCVE-2016-2104
REDHAT
CONFIRM
CONFIRMresteasy -- resteasyJacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.2017-04-12not yet calculatedCVE-2016-6348
CONFIRMroundcube -- webmailCross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.2017-04-13not yet calculatedCVE-2016-4068
SUSE
SUSE
SUSE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMroundcube -- webmail
*Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.2017-04-13not yet calculatedCVE-2015-8864
SUSE
SUSE
SUSE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMrtmpdump -- rtmpdump
*The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).2017-04-13not yet calculatedCVE-2015-8270
BID
MISCrtmpdump -- rtmpdump
*The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.2017-04-13not yet calculatedCVE-2015-8271
BID
MISCrtmpdump -- rtmpdump
*RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).2017-04-13not yet calculatedCVE-2015-8272
BID
MISCsaltstack -- saltstack
*modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.2017-04-13not yet calculatedCVE-2015-1839
FEDORA
CONFIRM
CONFIRM
CONFIRM
CONFIRMsaltstack -- saltstack
*modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.2017-04-13not yet calculatedCVE-2015-1838
FEDORA
CONFIRM
CONFIRM
CONFIRMsamsung -- galaxySamsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.2017-04-13not yet calculatedCVE-2016-4032
MISCsamsung -- galaxySamsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.2017-04-13not yet calculatedCVE-2016-4030
MISCsamsung -- galaxySamsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301.2017-04-13not yet calculatedCVE-2016-4031
MISCsamsung -- galaxy_s6Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081.2017-04-13not yet calculatedCVE-2016-2565
MISCsamsung -- galaxy_s6Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.2017-04-13not yet calculatedCVE-2016-2566
MISCsamsung -- galaxy_s6
*SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.2017-04-11not yet calculatedCVE-2015-7893
MISC
BID
CONFIRM
MISC
EXPLOIT-DBsamsung -- samsungSamsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.2017-04-13not yet calculatedCVE-2015-8780
MISCsamsung -- samsung_kernelsecfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.exa...p://google.com URL.2017-04-13not yet calculatedCVE-2016-2567
MISCsamsung -- samsung_kernelThe getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.2017-04-13not yet calculatedCVE-2016-2036
MISCsap -- business_intelligence_platformSQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633.2017-04-13not yet calculatedCVE-2016-6818
MISCsap -- business_warehouse_accelerator
*A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.2017-04-11not yet calculatedCVE-2017-7691
BID
CONFIRMsap -- hanaSAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806.2017-04-13not yet calculatedCVE-2016-6143
BID
MISC
MISCsap -- netweaver_as_java
*SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.2017-04-14not yet calculatedCVE-2017-7717
MISCsap -- netweaver
*Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.2017-04-10not yet calculatedCVE-2016-10311
MISCsap -- sap_as_java
*SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.2017-04-14not yet calculatedCVE-2017-7696
MISCschneider_electric -- homelynk_controller
*A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.2017-04-11not yet calculatedCVE-2017-7689
CONFIRM
BID
MISCscm_plug-in -- scm_plug-inThe scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.2017-04-14not yet calculatedCVE-2016-6299
MLIST
BID
CONFIRM
FEDORA
FEDORA
FEDORAseawell_networks -- spectrum
*Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.2017-04-13not yet calculatedCVE-2015-8283
MISC
FULLDISC
EXPLOIT-DBseawell_networks -- spectrum
*SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.2017-04-13not yet calculatedCVE-2015-8284
MISC
FULLDISC
EXPLOIT-DBseawell_networks -- spectrum
*SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.2017-04-13not yet calculatedCVE-2015-8282
MISC
FULLDISC
EXPLOIT-DBsetroubleshoot -- setroubleshootThe fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.2017-04-11not yet calculatedCVE-2016-4445
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
REDHATsetroubleshoot -- setroubleshootThe allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.2017-04-11not yet calculatedCVE-2016-4444
MLIST
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
REDHATsetroubleshoot -- setroubleshootThe allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.2017-04-11not yet calculatedCVE-2016-4446
MLIST
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
REDHATsetroubleshoot -- setroubleshootsetroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.2017-04-11not yet calculatedCVE-2016-4989
MLIST
SECTRACK
REDHAT
CONFIRM
CONFIRM
CONFIRM
REDHATsetucocms -- setucocmsSetucoCMS allows remote attackers to alter or disclose information, related to session information.2017-04-12not yet calculatedCVE-2016-4896
JVN
JVNDB
BIDsetucocms -- setucocmsSetucoCMS allows remote attackers to cause a denial of service.2017-04-12not yet calculatedCVE-2016-4894
JVN
JVNDB
BIDsetucocms -- setucocmsSetucoCMS allows remote authenticated users to execute arbitrary code.2017-04-12not yet calculatedCVE-2016-4895
JVN
JVNDB
BIDsetucocms -- setucocmsCross-site request forgery (CSRF) vulnerability in SetucoCMS.2017-04-12not yet calculatedCVE-2016-4891
JVN
JVNDB
BIDsetucocms -- setucocmsSQL injection vulnerability in SetucoCMS.2017-04-12not yet calculatedCVE-2016-4893
JVN
JVNDB
BIDsetucocms -- setucocmsCross-site scripting (XSS) vulnerability in SetucoCMS.2017-04-12not yet calculatedCVE-2016-4892
JVN
JVNDB
BIDskia -- skia
*SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash).2017-04-13not yet calculatedCVE-2013-6648
CONFIRM
CONFIRMsolarwinds -- log_and_event_managerSolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.2017-04-10not yet calculatedCVE-2017-7646
CONFIRMsolarwinds -- log_and_event_managerSolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.2017-04-10not yet calculatedCVE-2017-7647
CONFIRMsolarwinds -- log_and_event_managerIn SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.2017-04-12not yet calculatedCVE-2017-7722
MISC
MISCsony -- camerasSONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device.2017-04-13not yet calculatedCVE-2016-7834
JVN
CONFIRMsplunk -- enterprise
*Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.2017-04-10not yet calculatedCVE-2017-5607
MISC
FULLDISC
BUGTRAQ
BID
BID
SECTRACK
EXPLOIT-DB
CONFIRMsquashfs -- unsquash
*(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.2017-04-13not yet calculatedCVE-2015-4646
MLIST
BIDsudo -- sudosudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.2017-04-14not yet calculatedCVE-2016-7032
BID
CONFIRM
CONFIRMsymantec -- multiple_products
*The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.2017-04-14not yet calculatedCVE-2016-5309
BID
SECTRACK
SECTRACK
SECTRACK
SECTRACK
MISC
EXPLOIT-DB
CONFIRMsymantec -- multiple_products
*The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.2017-04-14not yet calculatedCVE-2016-5310
BID
SECTRACK
SECTRACK
SECTRACK
SECTRACK
MISC
EXPLOIT-DB
CONFIRMsymantec -- symantec_messaging_gatewayDirectory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.2017-04-14not yet calculatedCVE-2016-5312
MISC
FULLDISC
BID
SECTRACK
CONFIRM
EXPLOIT-DBsymantec -- symantec_web_gatewaySymantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.2017-04-12not yet calculatedCVE-2016-5313
MISC
FULLDISC
BID
SECTRACK
CONFIRMsymphony -- symphony_cms
*Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.2017-04-11not yet calculatedCVE-2017-7694
MISC
BID
MISC
MISCsynology -- photo_stationSynology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.2017-04-10not yet calculatedCVE-2016-10322
MISC
MISCsynology -- photo_stationSynology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.2017-04-10not yet calculatedCVE-2016-10323
MISC
MISCteampass -- teampassMultiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.2017-04-12not yet calculatedCVE-2015-7564
CONFIRM
EXPLOIT-DBteampass -- teampassCross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.2017-04-12not yet calculatedCVE-2015-7563
MISC
EXPLOIT-DBteampass -- teampassMultiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.2017-04-12not yet calculatedCVE-2015-7562
CONFIRM
EXPLOIT-DBtrend_micro -- threat_discovery_applianceA command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.2017-04-12not yet calculatedCVE-2016-7547
BID
MISCtrend_micro -- threat_discovery_applianceOn the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.2017-04-12not yet calculatedCVE-2016-7552
BID
MISCtrollpierre/tdm -- trollpierre/tdm
*trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).2017-04-14not yet calculatedCVE-2017-7871
CONFIRM
CONFIRMubuntu -- ubuntu
*The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.2017-04-14not yet calculatedCVE-2016-0727
MISC
BID
SECTRACK
UBUNTU
CONFIRM
CONFIRMumbraco -- umbraco
*The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.2017-04-13not yet calculatedCVE-2012-1301
BUGTRAQ
BID
MISCunisys -- s-par
*Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.2017-04-11not yet calculatedCVE-2017-5873
CONFIRMunitrends -- enterprise_backup
*An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.2017-04-12not yet calculatedCVE-2017-7279
MISCunitrends -- enterprise_backup
*An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.2017-04-12not yet calculatedCVE-2017-7281
MISCunitrends -- enterprise_backup
*An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.2017-04-12not yet calculatedCVE-2017-7284
MISCunitrends -- enterprise_backup
*An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable.2017-04-12not yet calculatedCVE-2017-7280
MISCvtiger -- vtiger_crm
*Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.2017-04-14not yet calculatedCVE-2016-1713
MISC
MLIST
MLISTwebmin -- userminMultiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.2017-04-12not yet calculatedCVE-2016-4897
JVN
JVNDB
BIDwireshark -- wiresharkIn Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector.2017-04-12not yet calculatedCVE-2016-7958
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wiresharkIn Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings.2017-04-12not yet calculatedCVE-2016-7957
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.2017-04-12not yet calculatedCVE-2017-7702
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.2017-04-12not yet calculatedCVE-2017-7705
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.2017-04-12not yet calculatedCVE-2017-7701
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.2017-04-12not yet calculatedCVE-2017-7700
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.2017-04-12not yet calculatedCVE-2017-7703
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.2017-04-12not yet calculatedCVE-2017-7745
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.2017-04-12not yet calculatedCVE-2017-7704
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.2017-04-12not yet calculatedCVE-2017-7747
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.2017-04-12not yet calculatedCVE-2017-7748
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
*In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.2017-04-12not yet calculatedCVE-2017-7746
BID
CONFIRM
CONFIRM
CONFIRMwolf_cms -- wolf_cms
*Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.2017-04-14not yet calculatedCVE-2015-6568
MISC
MISC
MISC
CONFIRM
CONFIRMwolf_cms -- wolf_cms
*Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality.2017-04-14not yet calculatedCVE-2015-6567
MISC
MISC
MISC
CONFIRM
CONFIRMwordpress -- wordpress
*SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.2017-04-12not yet calculatedCVE-2017-7719
MISCzoho -- manageengine_servicedesk_plusCross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-14not yet calculatedCVE-2016-4888
JVN
JVNDB
BIDzoho -- manageengine_servicedesk_plusZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.2017-04-14not yet calculatedCVE-2016-4889
JVN
JVNDB
BIDzoho -- manageengine_servicedesk_plusZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generationg cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.2017-04-14not yet calculatedCVE-2016-4890
JVN
JVNDB
BIDzurmo -- zurmo
*Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.2017-04-14not yet calculatedCVE-2017-7188
MISC
MISC Back to top
This product is provided subject to this Notification and this Privacy & Use policy.

More...