|
Home | Forums | Gallery | Register | Video Directory | FAQ | Members List | Calendar | Games | Today's Posts | Search | Chat Room |
|
Thread Tools | Display Modes |
#1
|
||||
|
||||
SB17-107: Vulnerability Summary for the Week of April 10, 2017
SB17-107: Vulnerability Summary for the Week of April 10, 2017
04-17-2017 02:56 AM Original release date: April 17, 2017 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
* High Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoamazon -- fire_osStack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.2017-04-0910.0CVE-2015-7292 MISCatlassian -- jiraThe JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.2017-04-107.5CVE-2017-5983 MISC BID CONFIRM CONFIRM CERT-VNaxis -- axis_communications_firmwareAXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."2017-04-097.8CVE-2015-8258 EXPLOIT-DBbotan_project -- botanbotan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.2017-04-107.8CVE-2015-7825 CONFIRM CONFIRMbotan_project -- botanbotan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.2017-04-107.5CVE-2015-7826 CONFIRM CONFIRMbotan_project -- botanThe Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.2017-04-107.5CVE-2016-6878 CONFIRMcisco -- aironet_access_pointA vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1).2017-04-077.2CVE-2016-9196 BID CONFIRMcisco -- firepower_extensible_operating_systemA vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115).2017-04-077.2CVE-2017-6597 BID CONFIRMcisco -- firepower_extensible_operating_systemA vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69).2017-04-077.2CVE-2017-6598 BID CONFIRMcisco -- firepower_extensible_operating_systemA vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136.2017-04-077.2CVE-2017-6600 BID CONFIRMcisco -- firepower_management_centerA vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1.2017-04-077.1CVE-2017-3885 BID CONFIRMcisco -- mobility_services_engineA vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).2017-04-077.2CVE-2016-9197 BID CONFIRMcloudviewnms -- cloudview_nmsCloudView NMS before 2.10a has a format string issue exploitable over SNMP.2017-04-097.5CVE-2016-5074 MISCdataprobe -- ibootbar_firmwareDataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.2017-04-077.5CVE-2007-6759 MISCdataprobe -- ibootbar_firmwareDataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.2017-04-077.5CVE-2007-6760 MISCdell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.2017-04-097.5CVE-2015-7271 MISC BIDdell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input.2017-04-097.5CVE-2015-7272 MISC BIDdell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.2017-04-097.5CVE-2015-7273 MISCgnu -- binutilselflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.2017-04-097.5CVE-2017-7614 MISCgoogle -- androidA remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588.2017-04-079.3CVE-2017-0538 BID CONFIRM CONFIRMgoogle -- androidA remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300.2017-04-079.3CVE-2017-0539 BID CONFIRM CONFIRMgoogle -- androidA remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031.2017-04-079.3CVE-2017-0540 BID CONFIRM CONFIRMgoogle -- androidA remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018.2017-04-079.3CVE-2017-0541 BID CONFIRM CONFIRMgoogle -- androidA remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721.2017-04-079.3CVE-2017-0542 BID CONFIRM CONFIRMgoogle -- androidA remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866.2017-04-079.3CVE-2017-0543 BID CONFIRM CONFIRMgoogle -- androidAn elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879.2017-04-079.3CVE-2017-0544 BID CONFIRMgoogle -- androidAn elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350.2017-04-079.3CVE-2017-0545 BID CONFIRMgoogle -- androidAn elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763.2017-04-079.3CVE-2017-0546 BID CONFIRMgoogle -- androidA remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605.2017-04-077.1CVE-2017-0548 BID CONFIRMgoogle -- androidA remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818508.2017-04-077.1CVE-2017-0549 BID CONFIRM CONFIRMgoogle -- androidA remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140.2017-04-077.1CVE-2017-0550 BID CONFIRM CONFIRMgoogle -- androidA remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097231.2017-04-077.1CVE-2017-0551 BID CONFIRM CONFIRM CONFIRMgoogle -- androidA remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915.2017-04-077.1CVE-2017-0552 BID CONFIRM CONFIRMgoogle -- androidAn elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065.2017-04-077.6CVE-2017-0553 BID CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202425. References: M-ALPS02898189.2017-04-079.3CVE-2017-0562 BID CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175904. References: M-ALPS02696516.2017-04-077.6CVE-2017-0565 BID CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367.2017-04-077.6CVE-2017-0566 BID CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406.2017-04-077.6CVE-2017-0578 BID CONFIRMgynoii -- gcw-1010Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.2017-04-0910.0CVE-2015-2881 MISCibaby -- m3s_baby_monitor_firmwareiBaby M3S has a password of admin for the backdoor admin account.2017-04-0910.0CVE-2015-2887 MISClens_laboratories -- peek-a-view_firmwareLens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.2017-04-0910.0CVE-2015-2885 MISClinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067.2017-04-077.6CVE-2017-0454 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.2017-04-077.6CVE-2017-0462 CONFIRMlinux -- linux_kernelA remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.2017-04-0710.0CVE-2017-0561 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409.2017-04-079.3CVE-2017-0563 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203.2017-04-079.3CVE-2017-0564 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575.2017-04-077.6CVE-2017-0567 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600.2017-04-077.6CVE-2017-0568 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666.2017-04-077.6CVE-2017-0569 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199963. References: B-RB#110688.2017-04-077.6CVE-2017-0570 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34203305. References: B-RB#111541.2017-04-077.6CVE-2017-0571 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34198931. References: B-RB#112597.2017-04-077.6CVE-2017-0572 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34469904. References: B-RB#91539.2017-04-077.6CVE-2017-0573 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34624457. References: B-RB#113189.2017-04-077.6CVE-2017-0574 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099.2017-04-077.6CVE-2017-0575 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089.2017-04-077.6CVE-2017-0576 BID MISC CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951.2017-04-077.6CVE-2017-0577 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406.2017-04-077.6CVE-2017-0579 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986.2017-04-077.6CVE-2017-0580 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485.2017-04-077.6CVE-2017-0581 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836.2017-04-077.6CVE-2017-0582 BID CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32068683. References: QC-CR#1103788.2017-04-077.6CVE-2017-0583 BID CONFIRMlinux -- linux_kernelcrypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.2017-04-107.8CVE-2017-7618 MISC BIDnews_system_project -- news_systemSQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.2017-04-077.5CVE-2017-7581 MISCninka_project -- ninkaNinka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename.2017-04-107.5CVE-2017-7239 MLIST BID CONFIRMosram -- lightify_homeOSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.2017-04-097.5CVE-2016-5053 MISCphilips -- in.sight_b120\37Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.2017-04-0910.0CVE-2015-2882 MISCproxygen_project -- proxygenThe SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.2017-04-097.5CVE-2015-7264 MISCschneider-electric -- conext_combox_865-1058_firmwareAn issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.2017-04-077.8CVE-2017-6019 CONFIRM BID MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.2017-04-097.5CVE-2016-5065 MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.2017-04-0910.0CVE-2016-5066 MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.2017-04-099.0CVE-2016-5067 MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.2017-04-097.5CVE-2016-5068 MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.2017-04-097.5CVE-2016-5069 MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.2017-04-0910.0CVE-2016-5071 MISCsophos -- cyberoam_cr25ing_utm_firmwareSophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.2017-04-079.0CVE-2016-7786 MISCsummer_infant -- baby_zoom_wifi_monitor_firmwareSummer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.2017-04-097.5CVE-2015-2888 MISCtrendnet -- tv-ip743sicTRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.2017-04-099.0CVE-2015-2880 MISCvertivco -- liebert_multilink_automated_shutdownLiebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.2017-04-097.2CVE-2015-7260 MISCBack to top * Medium Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- igniteApache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.2017-04-074.3CVE-2016-6805 CONFIRM BIDatlassian -- bitbucketAtlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.2017-04-094.0CVE-2016-4320 BID MISCatlassian -- jiraAtlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.2017-04-096.8CVE-2016-4319 BID MISCaxis -- axis_communications_firmwareAXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.2017-04-096.8CVE-2015-8255 EXPLOIT-DBbotan_project -- botanbotan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.2017-04-105.0CVE-2015-7824 CONFIRM CONFIRMbotan_project -- botanThe X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.2017-04-105.0CVE-2016-6879 CONFIRMcastle_rock_computing -- snmpcCastle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP.2017-04-094.3CVE-2015-6027 MISCcastle_rock_computing -- snmpcCastle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.2017-04-096.5CVE-2015-6028 MISCcesanta -- mongoose_osUse-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.2017-04-105.0CVE-2017-7185 BUGTRAQ BID CONFIRM CONFIRM MISCcisco -- asr_900_series_firmwareA vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP.2017-04-076.1CVE-2017-6603 BID CONFIRMcisco -- firepower_threat_defenseA vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2.2017-04-074.3CVE-2017-3887 BID CONFIRMcisco -- ios_xeA vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E.2017-04-076.9CVE-2017-6606 BID CONFIRMcisco -- ios_xrA vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco IOS XR Software with gRPC enabled. More Information: CSCvb14433. Known Affected Releases: 6.1.1.BASE 6.2.1.BASE. Known Fixed Releases: 6.2.1.22i.MGBL 6.1.22.9i.MGBL 6.1.21.12i.MGBL 6.1.2.13i.MGBL.2017-04-075.0CVE-2017-6599 BID CONFIRMcisco -- prime_infrastructureA vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0).2017-04-074.3CVE-2017-3848 BID CONFIRMcisco -- prime_infrastructureA vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).2017-04-074.0CVE-2017-3884 BID CONFIRMcisco -- registered_envelope_serviceA vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015.2017-04-075.8CVE-2017-3889 BID CONFIRMcisco -- unified_communications_managerA vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).2017-04-074.0CVE-2017-3886 BID CONFIRMcisco -- unified_computing_systemA vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B.2017-04-075.8CVE-2017-6604 BID CONFIRMcisco -- unified_computing_system_directorA vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.5(0.1) 6.0(0.0).2017-04-074.0CVE-2017-3817 BID CONFIRMcisco -- wireless_lan_controllerA vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3).2017-04-075.0CVE-2016-9195 BID CONFIRMcloudera -- cdhImpala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.2017-04-105.0CVE-2016-6605 CONFIRMcloudviewnms -- cloudview_nmsCloudView NMS before 2.10a has XSS via SNMP.2017-04-094.3CVE-2016-5073 MISCcloudviewnms -- cloudview_nmsCloudView NMS before 2.10a has XSS via a TELNET login.2017-04-094.3CVE-2016-5075 MISCcloudviewnms -- cloudview_nmsCloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def.2017-04-095.0CVE-2016-5076 MISCdell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.2017-04-094.6CVE-2015-7270 MISC BIDdell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.2017-04-096.5CVE-2015-7274 MISC BID BIDdell -- integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.2017-04-094.3CVE-2015-7275 MISC BIDdlink -- dwr-116_firmwareDirectory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.2017-04-105.0CVE-2017-6190 BID MISCelfutils_project -- elfutilsThe handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3CVE-2017-7607 MISCelfutils_project -- elfutilsThe ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3CVE-2017-7608 MISCelfutils_project -- elfutilself_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.2017-04-094.3CVE-2017-7609 MISCelfutils_project -- elfutilsThe check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3CVE-2017-7610 MISCelfutils_project -- elfutilsThe check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3CVE-2017-7611 MISCelfutils_project -- elfutilsThe check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.2017-04-094.3CVE-2017-7612 MISCelfutils_project -- elfutilselflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.2017-04-094.3CVE-2017-7613 MISCeparaksts -- eparakstitajs_3LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files.2017-04-094.3CVE-2015-8275 MISCeparaksts -- eparakstitajs_3LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files.2017-04-094.3CVE-2015-8276 MISCfoxitsoftware -- foxit_pdf_toolkitMemory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.2017-04-076.8CVE-2017-7584 BID CONFIRMgoogle -- androidAn information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560.2017-04-074.3CVE-2017-0547 BID CONFIRM CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946.2017-04-076.8CVE-2017-0554 BID CONFIRMgoogle -- androidAn information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775.2017-04-074.3CVE-2017-0555 BID CONFIRM CONFIRMgoogle -- androidAn information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952.2017-04-074.3CVE-2017-0556 BID CONFIRM CONFIRMgoogle -- androidAn information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073.2017-04-074.3CVE-2017-0557 BID CONFIRM CONFIRMgoogle -- androidAn information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274.2017-04-074.3CVE-2017-0558 BID CONFIRM CONFIRMgoogle -- androidAn information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722.2017-04-074.3CVE-2017-0559 BID CONFIRMgoogle -- androidAn information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079.2017-04-074.3CVE-2017-0560 BID CONFIRMibaby -- m6_baby_monitor_firmwareiBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service.2017-04-095.0CVE-2015-2886 MISCilias_project -- iliasILIAS before 5.2.3 has XSS via SVG documents.2017-04-074.3CVE-2017-7583 CONFIRM CONFIRM CONFIRMimagemagick -- imagemagickcoders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-094.3CVE-2017-7606 MISCimagemagick -- imagemagickIn ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.2017-04-105.0CVE-2017-7619 CONFIRMimageworsener_project -- imageworsenerThe iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.2017-04-104.3CVE-2017-7623 BID CONFIRMimageworsener_project -- imageworsenerThe iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.2017-04-104.3CVE-2017-7624 BID CONFIRMjive_software -- jiveJive before 2016.3.1 has an open redirect from the external-link.jspa page.2017-04-095.8CVE-2016-4334 MISCkeepassx_project -- keepassxIn KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.2017-04-105.0CVE-2015-8378 CONFIRM CONFIRMlibaacplus_project -- libaacplusau_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.2017-04-096.8CVE-2017-7603 MISClibaacplus_project -- libaacplusau_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.2017-04-096.8CVE-2017-7604 MISClibaacplus_project -- libaacplusaacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.2017-04-096.8CVE-2017-7605 MISClibming -- libmingMultiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831.2017-04-076.8CVE-2017-7578 CONFIRMlibsndfile_project -- libsndfileIn libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.2017-04-074.3CVE-2017-7585 CONFIRM CONFIRM CONFIRM MISClibsndfile_project -- libsndfileIn libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.2017-04-074.3CVE-2017-7586 CONFIRM CONFIRM BID CONFIRM CONFIRMlibtiff -- libtiffThe putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7592 MISC BIDlibtiff -- libtifftif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.2017-04-094.3CVE-2017-7593 MISC BIDlibtiff -- libtiffThe OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.2017-04-094.3CVE-2017-7594 MISC BIDlibtiff -- libtiffThe JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.2017-04-094.3CVE-2017-7595 MISClibtiff -- libtiffLibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7596 BID MISClibtiff -- libtifftif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7597 BID MISClibtiff -- libtifftif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.2017-04-094.3CVE-2017-7598 BID MISClibtiff -- libtiffLibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7599 BID BID MISClibtiff -- libtiffLibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7600 MISClibtiff -- libtiffLibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7601 BID MISClibtiff -- libtiffLibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.2017-04-096.8CVE-2017-7602 BID MISCnetapp -- clustered_data_ontapNetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.2017-04-105.0CVE-2017-5988 CONFIRMnetikus -- eventsentryNetikus EventSentry before 3.2.1.44 has XSS via SNMP.2017-04-094.3CVE-2016-5077 MISCopencv -- opencvOpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.2017-04-096.8CVE-2016-1516 MISC MISCopencv -- opencvOpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.2017-04-094.3CVE-2016-1517 MISC MISCopenidm_project -- openidmIn OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js.2017-04-084.0CVE-2017-7589 MISC CONFIRMopenidm_project -- openidmOpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.2017-04-084.3CVE-2017-7590 MISC CONFIRMopenidm_project -- openidmOpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/.2017-04-084.3CVE-2017-7591 MISC CONFIRMopmantek -- network_management_information_systemOpmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.2017-04-096.0CVE-2016-6534 MISCopsview -- opsviewOpsview before 2015-11-06 has XSS via SNMP.2017-04-094.3CVE-2015-6035 MISCosram -- lightify_homeOSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application.2017-04-095.0CVE-2016-5051 MISCosram -- lightify_homeOSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning.2017-04-095.0CVE-2016-5052 MISCosram -- lightify_homeOSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay.2017-04-095.0CVE-2016-5054 MISCosram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page.2017-04-094.3CVE-2016-5055 MISCosram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.2017-04-095.0CVE-2016-5056 MISCosram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.2017-04-095.0CVE-2016-5057 MISCosram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.2017-04-095.0CVE-2016-5058 MISCosram -- lightify_proOSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application.2017-04-094.0CVE-2016-5059 MISCoxidforge -- oxid_eshopOXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.2017-04-096.5CVE-2016-5072 MISCpaessler -- prtgPaessler PRTG before 16.2.24.4045 has XSS via SNMP.2017-04-094.3CVE-2016-5078 MISCphilips -- in.sight_b120\37Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi.2017-04-095.0CVE-2015-2884 MISCphpmyfaq -- phpmyfaqinc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.2017-04-074.3CVE-2017-7579 CONFIRM CONFIRMpivotx -- pivotxPivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.2017-04-076.5CVE-2017-7570 MISCproxygen_project -- proxygenThe SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.2017-04-095.0CVE-2015-7263 MISCproxygen_project -- proxygenFacebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.2017-04-095.0CVE-2015-7265 MISCsap -- netweaverThe SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788.2017-04-104.0CVE-2016-10304 MISCsap -- sql_anywhereBuffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778.2017-04-104.0CVE-2016-10310 BID MISCschneider-electric -- interactive_graphical_scada_systemA DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path.2017-04-076.8CVE-2017-6033 CONFIRM BID MISCsierrawireless -- aleos_firmwareSierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.2017-04-095.0CVE-2016-5070 MISCspiceworks -- desktopSpiceworks Desktop before 2015-12-01 has XSS via an SNMP response.2017-04-094.3CVE-2015-6021 MISCsummer_infant -- baby_zoom_wifi_monitor_firmwareSummer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL.2017-04-096.5CVE-2015-2889 MISCswagger_project -- swagger-uiSwagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.2017-04-094.3CVE-2016-5682 MISCvisioncritical -- vision_criticalVision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files.2017-04-095.0CVE-2014-2960 MISCweb2py -- web2pyweb2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.2017-04-105.0CVE-2016-10321 CONFIRM CONFIRMxiongmai_technologies -- uc-httpdXiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.2017-04-075.0CVE-2017-7577 MISCBack to top * Low Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- apple_musicThe Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-072.9CVE-2017-2387 MISC BID CONFIRMatlassian -- confluenceAtlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.2017-04-093.5CVE-2016-4317 BID MISCatlassian -- jiraAtlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.2017-04-093.5CVE-2016-4318 BID MISCcisco -- firepower_extensible_operating_systemA vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1647).2017-04-073.6CVE-2017-6601 BID CONFIRMcisco -- firepower_extensible_operating_systemA vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138).2017-04-073.6CVE-2017-6602 BID CONFIRMcisco -- unified_communications_managerA vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).2017-04-073.5CVE-2017-3888 BID CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731.2017-04-072.6CVE-2017-0584 BID CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953.2017-04-072.6CVE-2017-0585 BID CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569.2017-04-072.6CVE-2017-0586 BID CONFIRMlinux -- linux_kernelIncorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.2017-04-102.1CVE-2017-7616 CONFIRM BID CONFIRMopmantek -- network_management_information_systemOpmantek NMIS before 8.5.12G has XSS via SNMP.2017-04-093.5CVE-2016-5642 MISCphilips -- in.sight_b120\37Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php.2017-04-093.5CVE-2015-2883 MISCBack to top * Severity Not Yet Assigned Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- acrobat_flash_playerAdobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3058 BID CONFIRMadobe -- acrobat_flash_playerAdobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3063 BID CONFIRMadobe -- acrobat_flash_player *Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3062 BID CONFIRMadobe -- acrobat_flash_player *Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3060 BID CONFIRMadobe -- acrobat_flash_player *Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3061 BID CONFIRMadobe -- acrobat_flash_player *Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3059 BID CONFIRMadobe -- acrobat_flash_player *Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3064 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 code-stream tile functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3023 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) format parser. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3019 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin.2017-04-12not yet calculatedCVE-2017-3012 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when manipulating PDF annotations. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3024 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the renderer functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3018 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3026 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of JPEG files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3051 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging.2017-04-12not yet calculatedCVE-2017-3013 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the weblink module.2017-04-12not yet calculatedCVE-2017-3020 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine.2017-04-12not yet calculatedCVE-2017-3021 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file.2017-04-12not yet calculatedCVE-2017-3022 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the CCITT fax PDF filter. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3011 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3057 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the AES module. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3030 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal scan line representation in TIFF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3048 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.2017-04-12not yet calculatedCVE-2017-3032 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture (XFA) related to reset form functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3014 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string manipulation. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3056 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image scaling. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3044 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to manipulation of EMF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3054 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 parsing functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3015 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3017 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of GIF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3050 BID CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3025 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3027 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion module, related to processing of TIFF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3028 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream.2017-04-12not yet calculatedCVE-2017-3029 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data.2017-04-12not yet calculatedCVE-2017-3033 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine.2017-04-12not yet calculatedCVE-2017-3031 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3035 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) stream data. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3038 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the font manipulation functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3065 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX (picture exchange) file format. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3036 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3037 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3034 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the PPKLite security handler. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3039 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3041 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in image conversion, related to parsing offsets in TIFF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3042 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 image compression module. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3040 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to the palette box.2017-04-12not yet calculatedCVE-2017-3045 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to contiguous code-stream parsing.2017-04-12not yet calculatedCVE-2017-3046 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality.2017-04-12not yet calculatedCVE-2017-3043 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal tile manipulation in TIFF files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3049 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of EMF - enhanced meta file format.2017-04-12not yet calculatedCVE-2017-3052 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of the APP13 segment in JPEG files.2017-04-12not yet calculatedCVE-2017-3053 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine's annotation-related API. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3047 BID CONFIRMadobe -- acrobat_reader *Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in JPEG 2000 parsing of the fragment list tag. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3055 BID CONFIRMadobe -- campaignAdobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database.2017-04-12not yet calculatedCVE-2017-2989 BID CONFIRMadobe -- photoshop_ccAdobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have a memory corruption vulnerability when parsing malicious PCX files. Successful exploitation could lead to arbitrary code execution.2017-04-12not yet calculatedCVE-2017-3004 BID CONFIRMadobe -- photoshop_cc *Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability.2017-04-12not yet calculatedCVE-2017-3005 BID CONFIRMadobe -- thorAdobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.2017-04-12not yet calculatedCVE-2017-3006 BID CONFIRMadobe -- thorAdobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications.2017-04-12not yet calculatedCVE-2017-3007 BID CONFIRMapache -- tomcatBuffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.2017-04-12not yet calculatedCVE-2016-6808 MISC REDHAT FULLDISC CONFIRM MLIST BID SECTRACK REDHAT REDHATapache -- tomee *The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.2017-04-11not yet calculatedCVE-2016-0779 MISC MLIST CONFIRM BUGTRAQ BID MISCapple -- ios_shoplat_applicationShoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.2017-04-13not yet calculatedCVE-2016-1132 JVN JVNDBapple -- mac_os_x *Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges.2017-04-13not yet calculatedCVE-2010-1821 APPLEapple -- mac_os_x *Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image.2017-04-13not yet calculatedCVE-2010-1816 APPLEappleple -- a-blog_cmsCross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.2017-04-12not yet calculatedCVE-2016-1179 JVN JVNDB CONFIRMappleple -- a-blog_cmsThe session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.2017-04-12not yet calculatedCVE-2016-1178 JVN JVNDB CONFIRMasterisk -- asterisk *Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.2017-04-10not yet calculatedCVE-2017-7617 CONFIRM BID CONFIRMatutor -- atutorSQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.2017-04-13not yet calculatedCVE-2016-2555 MISC MISC CONFIRM CONFIRMauromeera -- emli *Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/home.php. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0.2017-04-11not yet calculatedCVE-2017-7621 MISCbigtree_cms -- bigtree_cms *Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.2017-04-11not yet calculatedCVE-2017-7695 MISC MISC MISCbigtree_cms -- bigtree_cms *BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14.2017-04-15not yet calculatedCVE-2017-7881 MISC MISCbitrix -- bitrix *Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php.2017-04-14not yet calculatedCVE-2015-8356 MISC BUGTRAQ MISCblackberry -- blackberry_enterprise_serverMultiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp.2017-04-13not yet calculatedCVE-2016-1915 FULLDISC MISC CONFIRMblackberry -- blackberry_enterprise_serverMultiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.2017-04-13not yet calculatedCVE-2016-1914 FULLDISC MISC CONFIRMblue_coat -- sslv *Blue Coat SSL Visibility (SSLV) 3.x before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connection pool of an SSL server.2017-04-11not yet calculatedCVE-2016-10259 BID CONFIRMbrother -- multiple_devices *On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W.2017-04-12not yet calculatedCVE-2017-7588 MISCcandlepin_project -- candlepinThe Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.2017-04-14not yet calculatedCVE-2016-4455 REDHAT REDHAT MLIST BID SECTRACK CONFIRM CONFIRM CONFIRMcitrix -- netscaler_gateway *A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.2017-04-13not yet calculatedCVE-2017-7219 BID CONFIRMconcrete5 -- concrete5 *concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector.2017-04-13not yet calculatedCVE-2017-7725 MISC MISC MISCdde -- dde *dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon.2017-04-10not yet calculatedCVE-2017-7622 MISCdebian -- inspircd *Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.2017-04-13not yet calculatedCVE-2015-6674 DEBIAN CONFIRM GENTOOeclipse -- jettyThe path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.2017-04-13not yet calculatedCVE-2016-4800 MLIST MISC BID MISCember.js -- ember.js *Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.2017-04-13not yet calculatedCVE-2015-7565 CONFIRM CONFIRMeyesofnetwork -- eyesofnetwork *Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter in module/monitoring_ged/ged_functions.php or the (5) type parameter in monitoring_ged/ajax.php.2017-04-11not yet calculatedCVE-2017-6088 MLIST BIDf5 -- big-ip_apmThe TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.2017-04-11not yet calculatedCVE-2016-7467 BID CONFIRMfeh -- feh *In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.2017-04-14not yet calculatedCVE-2017-7875 CONFIRM CONFIRMffmpeg -- ffmpeg *FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.2017-04-14not yet calculatedCVE-2017-7863 MISC MISCffmpeg -- ffmpeg *FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.2017-04-14not yet calculatedCVE-2017-7866 MISC MISCffmpeg -- ffmpeg *FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.2017-04-14not yet calculatedCVE-2017-7865 MISC MISCffmpeg -- ffmpeg *FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.2017-04-14not yet calculatedCVE-2017-7862 MISC MISCffmpeg -- ffmpeg *FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.2017-04-14not yet calculatedCVE-2017-7859 MISCfirejail -- firejail *Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10121 MLIST MLISTfirejail -- firejail *Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10123 MLIST MLISTfirejail -- firejail *Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /.2017-04-13not yet calculatedCVE-2016-10118 MLIST MLISTfirejail -- firejail *Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10120 MLIST MLISTfirejail -- firejail *Firejail does not properly clean environment variables, which allows local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10122 MLIST MLISTfirejail -- firejail *Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc.2017-04-13not yet calculatedCVE-2016-10117 MLIST MLISTfirejail -- firejail *Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges.2017-04-13not yet calculatedCVE-2016-10119 MLIST MLISTfiyo_cms -- fiyo_cms *In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.2017-04-10not yet calculatedCVE-2017-7625 BID MISCflatcore -- flatcore_cms *CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.2017-04-14not yet calculatedCVE-2017-7877 CONFIRMflatcore -- flatcore_cms *SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.2017-04-14not yet calculatedCVE-2017-7879 CONFIRMflatcore -- flatcore_cms *SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.2017-04-14not yet calculatedCVE-2017-7878 CONFIRMfortimail -- fortimail *An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker.2017-04-12not yet calculatedCVE-2017-3125 CONFIRM BIDfoscam -- foscam_networked_devices *Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.2017-04-10not yet calculatedCVE-2017-7648 MISCfreetype -- freetype_2 *FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.2017-04-14not yet calculatedCVE-2017-7858 MISC MISCfreetype -- freetype_2 *FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.2017-04-14not yet calculatedCVE-2017-7857 MISC MISCfreetype -- freetype_2 *FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.2017-04-14not yet calculatedCVE-2017-7864 MISC MISCfreetype_project -- freetype_2FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.2017-04-14not yet calculatedCVE-2016-10328 MISC MISC MISCgame-music-emu -- game-music-emugame-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.2017-04-12not yet calculatedCVE-2016-9958 SUSE SUSE MLIST BID CONFIRM FEDORA FEDORA FEDORA FEDORA MISCgame-music-emu -- game-music-emuStack-based buffer overflow in game-music-emu before 0.6.1.2017-04-12not yet calculatedCVE-2016-9957 SUSE SUSE MLIST BID CONFIRM FEDORA FEDORA FEDORA FEDORA MISCgame-music-emu -- game-music-emugame-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.2017-04-12not yet calculatedCVE-2016-9959 SUSE SUSE MLIST BID CONFIRM FEDORA FEDORA FEDORA FEDORA MISCghostscript -- ghostscript *The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.2017-04-14not yet calculatedCVE-2016-8602 CONFIRM MLIST MLIST BID CONFIRM CONFIRM CONFIRMgnu -- a2ps *Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.2017-04-13not yet calculatedCVE-2015-8107 MLIST BIDgnutls -- gnutls *GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.2017-04-14not yet calculatedCVE-2017-7869 MISC MISC CONFIRMgoogle -- androidmediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.2017-04-13not yet calculatedCVE-2014-7921 CONFIRM CONFIRMgoogle -- androidmediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.2017-04-13not yet calculatedCVE-2014-7920 CONFIRM CONFIRMgoogle -- androidHTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.2017-04-13not yet calculatedCVE-2016-1155 MISC JVNgoogle -- android_kernelDrivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.2017-04-12not yet calculatedCVE-2016-5856 SECTRACK CONFIRM CONFIRMgoogle -- chromeA use-after-free in AnimationController::endAnimationUpdate in Google Chrome.2017-04-11not yet calculatedCVE-2013-6647 CONFIRMgoogle -- chromeGoogle Chrome caches TLS sessions before certificate validation occurs.2017-04-13not yet calculatedCVE-2013-6662 CONFIRMgoogle -- grpcGoogle gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.2017-04-14not yet calculatedCVE-2017-7861 MISC MISCgoogle -- grpcGoogle gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.2017-04-14not yet calculatedCVE-2017-7860 MISC MISChipchat -- server *Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.2017-04-14not yet calculatedCVE-2017-7357 BUGTRAQ CONFIRM CONFIRMhuawei -- p7 *Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver.2017-04-13not yet calculatedCVE-2015-7740 CONFIRMhuawei -- p7 *Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver.2017-04-13not yet calculatedCVE-2015-8223 CONFIRMi-o_data -- rock_disk *Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713.2017-04-13not yet calculatedCVE-2014-3887 CONFIRM JVNibm -- financial_transition_managerIBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.2017-04-14not yet calculatedCVE-2017-1152 CONFIRMibm -- platform_lsfIBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741.2017-04-14not yet calculatedCVE-2017-1205 MISCibm -- tivoliIBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540.2017-04-14not yet calculatedCVE-2016-8927 CONFIRMibm -- tivoli *IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539.2017-04-14not yet calculatedCVE-2016-8926 CONFIRMibm -- tivoli *IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538.2017-04-14not yet calculatedCVE-2016-8925 CONFIRMicu_project -- icu *International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.2017-04-14not yet calculatedCVE-2017-7867 MISC MISCicu_project -- icu *International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.2017-04-14not yet calculatedCVE-2017-7868 MISC MISCimagemagick -- imagemagick *coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.2017-04-11not yet calculatedCVE-2014-9837 MISC MLIST CONFIRMimagemagick -- imagemagick *The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).2017-04-11not yet calculatedCVE-2014-8716 MISC BID CONFIRMimagemagick -- imagemagick *The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.2017-04-11not yet calculatedCVE-2014-8354 MISC BID CONFIRM MISCimagemagick -- imagemagick *DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).2017-04-11not yet calculatedCVE-2014-8562 BID CONFIRM MISC MISCimagemagick -- imagemagick *PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).2017-04-11not yet calculatedCVE-2014-8355 MISC BID CONFIRM MISCinspircd -- inspircd *InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop).2017-04-13not yet calculatedCVE-2012-6697 DEBIAN CONFIRM CONFIRM GENTOOintellinet_network -- nfc-30ir_IP_camera *Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.2017-04-11not yet calculatedCVE-2017-7461 EXPLOIT-DBintellinet_network -- nfc-30ir_IP_camera *Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.2017-04-11not yet calculatedCVE-2017-7462 EXPLOIT-DBivywe -- ivyweMultiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-14not yet calculatedCVE-2016-4875 JVN JVNDB BID CONFIRM CONFIRMjackson-dataformat-xml -- jackson-dataformat-xmlXmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.2017-04-14not yet calculatedCVE-2016-7051 CONFIRMjoomla -- joomla *The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).2017-04-12not yet calculatedCVE-2017-7628 MISC MISC MISCjoomla -- joomla *The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).2017-04-12not yet calculatedCVE-2017-7626 MISC MISC MISCjoomla -- joomla *The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).2017-04-12not yet calculatedCVE-2017-7627 MISC MISCkancolleviewer -- kancolleviewer *KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic.2017-04-13not yet calculatedCVE-2015-2947 CONFIRM JVNkony -- enterprise_mobile_management *Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request.2017-04-11not yet calculatedCVE-2017-5672 MISCktools.net -- photostoreSQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.2017-04-12not yet calculatedCVE-2016-4337 MISC EXPLOIT-DBlenovo_group -- lenovo_customer_care_software_development_ kit *Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.2017-04-10not yet calculatedCVE-2016-8235 BID CONFIRMlenovo_group -- lenovo_updates *Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.2017-04-10not yet calculatedCVE-2016-8237 BID CONFIRMlibdwarf -- libdwarf *dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.2017-04-10not yet calculatedCVE-2016-5041 MLIST MLIST CONFIRMlibreoffice_project -- libreofficeLibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.2017-04-14not yet calculatedCVE-2016-10327 MISC MISClibreoffice_project -- libreoffice *LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.2017-04-14not yet calculatedCVE-2017-7856 MISC MISClibreoffice_project -- libreoffice *LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.2017-04-15not yet calculatedCVE-2017-7882 MISC MISClibreoffice_project -- libreoffice *LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.2017-04-14not yet calculatedCVE-2017-7870 MISC MISClibsamplerate -- libsamplerate *In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.2017-04-11not yet calculatedCVE-2017-7697 BID CONFIRMlibsndfile -- libsndfile *In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.2017-04-12not yet calculatedCVE-2017-7741 MISC MISClibsndfile -- libsndfile *In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.2017-04-12not yet calculatedCVE-2017-7742 MISC MISClibtiff -- libtiffThe setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.2017-04-11not yet calculatedCVE-2016-5322 DEBIAN MLIST BID BID CONFIRM GENTOOlibxml2 -- libxml2The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.2017-04-11not yet calculatedCVE-2016-4483 DEBIAN MLIST MLIST MLIST MLIST CONFIRM BID CONFIRM CONFIRMlinux -- linux_kernel *udevd in udev 232, when the Linux kernel 4.8.0 is used, does not properly verify the source of a Netlink message, which allows local users to execute arbitrary commands by leveraging access to the NETLINK_KOBJECT_UEVENT family, and the presence of the /lib/udev/rules.d/50-udev-default.rules file, to provide a crafted REMOVE_CMD value.2017-04-15not yet calculatedCVE-2017-7874 MISClinux -- linux_kernel *The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.2017-04-11not yet calculatedCVE-2016-5011 REDHAT CONFIRM CONFIRM MLIST BID SECTRACK CONFIRMmicrosoft -- .net_frameworkMicrosoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."2017-04-12not yet calculatedCVE-2017-0160 BID CONFIRMmicrosoft -- edgeAn information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0208 BID CONFIRMmicrosoft -- edgeA remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0201.2017-04-12not yet calculatedCVE-2017-0093 BID CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0200 BID CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0205 BID CONFIRMmicrosoft -- edge *A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass Vulnerability."2017-04-12not yet calculatedCVE-2017-0203 BID CONFIRMmicrosoft -- excelMicrosoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0195 BID CONFIRMmicrosoft -- excelMicrosoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0194 BID CONFIRMmicrosoft -- internet_explorerA remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0093.2017-04-12not yet calculatedCVE-2017-0201 BID CONFIRMmicrosoft -- internet_explorerAn elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0210 BID CONFIRMmicrosoft -- internet_explorer *A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0202 BID CONFIRMmicrosoft -- officeMicrosoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."2017-04-12not yet calculatedCVE-2017-0199 BID MISC CONFIRM MISCmicrosoft -- onenote *Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."2017-04-12not yet calculatedCVE-2017-0197 BID CONFIRMmicrosoft -- outlookMicrosoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0106 BID CONFIRMmicrosoft -- outlookMicrosoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."2017-04-12not yet calculatedCVE-2017-0204 BID CONFIRMmicrosoft -- outlook *Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability."2017-04-12not yet calculatedCVE-2017-0207 BID CONFIRMmicrosoft -- windowsThe Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Graphics Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0155 BID CONFIRMmicrosoft -- windowsA Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0058 BID CONFIRMmicrosoft -- windowsA denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability."2017-04-12not yet calculatedCVE-2017-0191 BID CONFIRMmicrosoft -- windowsAn information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. "Windows Kernel Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0167 BID CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists in Windows 10 when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0188.2017-04-12not yet calculatedCVE-2017-0189 BID CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0156 BID CONFIRMmicrosoft -- windowsA Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0189.2017-04-12not yet calculatedCVE-2017-0188 BID CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability."2017-04-12not yet calculatedCVE-2017-0158 BID CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0211 BID CONFIRMmicrosoft -- windowsA denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."2017-04-12not yet calculatedCVE-2017-0164 BID CONFIRMmicrosoft -- windowsThe Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold , 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka "ATMFD.dll Information Disclosure Vulnerability."2017-04-12not yet calculatedCVE-2017-0192 BID CONFIRMmicrosoft -- windowsA security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."2017-04-12not yet calculatedCVE-2017-0159 BID CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0166 BID CONFIRMmicrosoft -- windowsAn elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Windows Elevation of Privilege Vulnerability."2017-04-12not yet calculatedCVE-2017-0165 BID CONFIRMmicrosoft -- windows_hyper-vA denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0184 BID CONFIRMmicrosoft -- windows_hyper-vAn information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0168.2017-04-12not yet calculatedCVE-2017-0169 BID CONFIRMmicrosoft -- windows_hyper-vA denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0179 BID CONFIRMmicrosoft -- windows_hyper-vA denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0178 BID CONFIRMmicrosoft -- windows_hyper-v_network_switchA denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0183 BID CONFIRMmicrosoft -- windows_hyper-v_network_switchAn information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0169.2017-04-12not yet calculatedCVE-2017-0168 BID CONFIRMmicrosoft -- windows_hyper-v_network_switchA remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181.2017-04-12not yet calculatedCVE-2017-0163 BID CONFIRMmicrosoft -- windows_hyper-v_network_switchA remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0163, CVE-2017-0180, and CVE-2017-0181.2017-04-12not yet calculatedCVE-2017-0162 BID CONFIRMmicrosoft -- windows_hyper-v_network_switch *A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0182 BID CONFIRMmicrosoft -- windows_hyper-v_network_switch *A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185.2017-04-12not yet calculatedCVE-2017-0186 BID CONFIRMmicrosoft -- windows_hyper-v_network_switch *A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0185 BID CONFIRMmicrosoft -- windows_hyper-v_network_switch *A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0181.2017-04-12not yet calculatedCVE-2017-0180 BID CONFIRMmicrosoft -- windows_hyper-v_network_switch *A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180.2017-04-12not yet calculatedCVE-2017-0181 BID CONFIRMmod_cluster -- mod_clusterStack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.2017-04-12not yet calculatedCVE-2016-4459 REDHAT REDHAT REDHAT REDHAT BID REDHAT REDHAT CONFIRMmongodb -- mongodmongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.2017-04-14not yet calculatedCVE-2016-3104 BID CONFIRM CONFIRMmoxa -- awk-3131a_wireless_access_pointAn exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response.2017-04-13not yet calculatedCVE-2016-8720 MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.2017-04-13not yet calculatedCVE-2016-8725 MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server.2017-04-13not yet calculatedCVE-2016-8726 MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability.2017-04-13not yet calculatedCVE-2016-8723 MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information.2017-04-13not yet calculatedCVE-2016-8724 MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker.2017-04-13not yet calculatedCVE-2016-8727 MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.2017-04-13not yet calculatedCVE-2016-8722 MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request.2017-04-12not yet calculatedCVE-2016-8718 MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim.2017-04-12not yet calculatedCVE-2016-8719 MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials.2017-04-12not yet calculatedCVE-2016-8716 MISCmoxa -- awk-3131a_wireless_access_pointAn exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.2017-04-13not yet calculatedCVE-2016-8712 MISCmoxa -- mx-aopc_server *XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.2017-04-14not yet calculatedCVE-2017-7457 MISC FULLDISCmoxa -- mxview *Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.2017-04-14not yet calculatedCVE-2017-7455 MISC MISC FULLDISCmoxa -- mxview *Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.2017-04-14not yet calculatedCVE-2017-7456 MISC FULLDISCmozilla_project -- bugzilla *Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.2017-04-12not yet calculatedCVE-2016-2803 MISC BUGTRAQ SECTRACK CONFIRMnetapp -- oncommand *NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.2017-04-10not yet calculatedCVE-2017-7345 BID CONFIRMnettle -- nettleThe RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.2017-04-14not yet calculatedCVE-2016-6489 REDHAT MLIST UBUNTU CONFIRM MISC CONFIRMnetty -- nettyhandler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).2017-04-13not yet calculatedCVE-2016-4970 CONFIRM CONFIRM BID CONFIRM CONFIRM CONFIRMnovastor -- novabackup_datacenterThe datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.2017-04-13not yet calculatedCVE-2016-4898 CONFIRMnovastor -- novabackup_datacenterThe datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.2017-04-13not yet calculatedCVE-2016-4899 CONFIRMoliver -- oliver *Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page (index.php) or (2) login form (loginform-inc.php).2017-04-13not yet calculatedCVE-2014-2710 MISC FULLDISC BUGTRAQopenssh -- openssh *The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.2017-04-11not yet calculatedCVE-2016-1908 MLIST CONFIRM BID CONFIRM CONFIRMopenstack -- nova-lxd *OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.2017-04-12not yet calculatedCVE-2017-5936 MLIST BID UBUNTU CONFIRM CONFIRMosip -- osipIn libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.2017-04-13not yet calculatedCVE-2016-10326 CONFIRMosip -- osipIn libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.2017-04-13not yet calculatedCVE-2016-10324 BID CONFIRMosip -- osipIn libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.2017-04-13not yet calculatedCVE-2016-10325 CONFIRMosip -- osip *In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.2017-04-13not yet calculatedCVE-2017-7853 CONFIRMpalo_alto_networks -- pan-os *The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.2017-04-14not yet calculatedCVE-2017-7217 CONFIRMpalo_alto_networks -- pan-os *The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.2017-04-14not yet calculatedCVE-2017-7218 CONFIRMpalo_alto_networks -- traps_esm_console *Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license.2017-04-14not yet calculatedCVE-2017-7408 BID CONFIRM CONFIRMping_identity --openid-connect *Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.2017-04-12not yet calculatedCVE-2017-6059 MLIST BID CONFIRM MISC CONFIRMpivotal -- cloud_foundrySQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2017-04-11not yet calculatedCVE-2016-4468 MLIST CONFIRMproxifier -- proxifier *Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.2017-04-14not yet calculatedCVE-2017-7643 FULLDISC MISCproxifier -- proxifier *Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.2017-04-14not yet calculatedCVE-2017-7690 MISCpulp -- pulpPulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.2017-04-13not yet calculatedCVE-2016-3106 MLIST MLIST CONFIRM CONFIRMqemu_project -- qemu *Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.2017-04-11not yet calculatedCVE-2015-8504 CONFIRM MLIST BID CONFIRMqemu_project -- qemu *Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).2017-04-13not yet calculatedCVE-2015-8567 FEDORA FEDORA FEDORA FEDORA SUSE SUSE SUSE SUSE SUSE SUSE SUSE SUSE DEBIAN MLIST BID UBUNTU MLIST GENTOOqemu_project -- qemu *The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.2017-04-13not yet calculatedCVE-2015-8345 MLIST BID MLISTqemu_project -- qemu *The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).2017-04-13not yet calculatedCVE-2015-8619 MLIST BID MLISTqemu_project -- qemu *Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.2017-04-11not yet calculatedCVE-2015-8613 MLIST BID CONFIRM MLISTqemu_project -- qemu *Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.2017-04-11not yet calculatedCVE-2015-8666 CONFIRM MLIST BID CONFIRMqemu_project -- qemu *The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.2017-04-10not yet calculatedCVE-2017-7377 CONFIRM MLIST BID CONFIRM MLISTqemu_project -- qemu *Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.2017-04-11not yet calculatedCVE-2015-8568 MLIST BID CONFIRM MLISTquest -- priviledge_manager *pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.2017-04-14not yet calculatedCVE-2017-6554 MISC EXPLOIT-DBradare -- radare2 *The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.2017-04-13not yet calculatedCVE-2017-7854 CONFIRM CONFIRMradare -- radare2 *The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.2017-04-12not yet calculatedCVE-2017-7716 CONFIRMred_hat -- quickstart_cloud_installerThe web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.2017-04-14not yet calculatedCVE-2016-7060 REDHAT CONFIRMred_hat -- red_hat_satellite_5Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) or (6) tags.2017-04-13not yet calculatedCVE-2016-2104 REDHAT CONFIRM CONFIRMresteasy -- resteasyJacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.2017-04-12not yet calculatedCVE-2016-6348 CONFIRMroundcube -- webmailCross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.2017-04-13not yet calculatedCVE-2016-4068 SUSE SUSE SUSE CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMroundcube -- webmail *Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.2017-04-13not yet calculatedCVE-2015-8864 SUSE SUSE SUSE CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMrtmpdump -- rtmpdump *The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).2017-04-13not yet calculatedCVE-2015-8270 BID MISCrtmpdump -- rtmpdump *The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.2017-04-13not yet calculatedCVE-2015-8271 BID MISCrtmpdump -- rtmpdump *RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).2017-04-13not yet calculatedCVE-2015-8272 BID MISCsaltstack -- saltstack *modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.2017-04-13not yet calculatedCVE-2015-1839 FEDORA CONFIRM CONFIRM CONFIRM CONFIRMsaltstack -- saltstack *modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.2017-04-13not yet calculatedCVE-2015-1838 FEDORA CONFIRM CONFIRM CONFIRMsamsung -- galaxySamsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.2017-04-13not yet calculatedCVE-2016-4032 MISCsamsung -- galaxySamsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.2017-04-13not yet calculatedCVE-2016-4030 MISCsamsung -- galaxySamsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301.2017-04-13not yet calculatedCVE-2016-4031 MISCsamsung -- galaxy_s6Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081.2017-04-13not yet calculatedCVE-2016-2565 MISCsamsung -- galaxy_s6Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.2017-04-13not yet calculatedCVE-2016-2566 MISCsamsung -- galaxy_s6 *SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.2017-04-11not yet calculatedCVE-2015-7893 MISC BID CONFIRM MISC EXPLOIT-DBsamsung -- samsungSamsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.2017-04-13not yet calculatedCVE-2015-8780 MISCsamsung -- samsung_kernelsecfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.exa...p://google.com URL.2017-04-13not yet calculatedCVE-2016-2567 MISCsamsung -- samsung_kernelThe getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.2017-04-13not yet calculatedCVE-2016-2036 MISCsap -- business_intelligence_platformSQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633.2017-04-13not yet calculatedCVE-2016-6818 MISCsap -- business_warehouse_accelerator *A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.2017-04-11not yet calculatedCVE-2017-7691 BID CONFIRMsap -- hanaSAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806.2017-04-13not yet calculatedCVE-2016-6143 BID MISC MISCsap -- netweaver_as_java *SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.2017-04-14not yet calculatedCVE-2017-7717 MISCsap -- netweaver *Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.2017-04-10not yet calculatedCVE-2016-10311 MISCsap -- sap_as_java *SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.2017-04-14not yet calculatedCVE-2017-7696 MISCschneider_electric -- homelynk_controller *A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.2017-04-11not yet calculatedCVE-2017-7689 CONFIRM BID MISCscm_plug-in -- scm_plug-inThe scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.2017-04-14not yet calculatedCVE-2016-6299 MLIST BID CONFIRM FEDORA FEDORA FEDORAseawell_networks -- spectrum *Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.2017-04-13not yet calculatedCVE-2015-8283 MISC FULLDISC EXPLOIT-DBseawell_networks -- spectrum *SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.2017-04-13not yet calculatedCVE-2015-8284 MISC FULLDISC EXPLOIT-DBseawell_networks -- spectrum *SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.2017-04-13not yet calculatedCVE-2015-8282 MISC FULLDISC EXPLOIT-DBsetroubleshoot -- setroubleshootThe fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.2017-04-11not yet calculatedCVE-2016-4445 MLIST BID SECTRACK CONFIRM CONFIRM REDHATsetroubleshoot -- setroubleshootThe allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.2017-04-11not yet calculatedCVE-2016-4444 MLIST BID SECTRACK REDHAT CONFIRM CONFIRM REDHATsetroubleshoot -- setroubleshootThe allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.2017-04-11not yet calculatedCVE-2016-4446 MLIST BID SECTRACK REDHAT CONFIRM CONFIRM REDHATsetroubleshoot -- setroubleshootsetroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.2017-04-11not yet calculatedCVE-2016-4989 MLIST SECTRACK REDHAT CONFIRM CONFIRM CONFIRM REDHATsetucocms -- setucocmsSetucoCMS allows remote attackers to alter or disclose information, related to session information.2017-04-12not yet calculatedCVE-2016-4896 JVN JVNDB BIDsetucocms -- setucocmsSetucoCMS allows remote attackers to cause a denial of service.2017-04-12not yet calculatedCVE-2016-4894 JVN JVNDB BIDsetucocms -- setucocmsSetucoCMS allows remote authenticated users to execute arbitrary code.2017-04-12not yet calculatedCVE-2016-4895 JVN JVNDB BIDsetucocms -- setucocmsCross-site request forgery (CSRF) vulnerability in SetucoCMS.2017-04-12not yet calculatedCVE-2016-4891 JVN JVNDB BIDsetucocms -- setucocmsSQL injection vulnerability in SetucoCMS.2017-04-12not yet calculatedCVE-2016-4893 JVN JVNDB BIDsetucocms -- setucocmsCross-site scripting (XSS) vulnerability in SetucoCMS.2017-04-12not yet calculatedCVE-2016-4892 JVN JVNDB BIDskia -- skia *SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash).2017-04-13not yet calculatedCVE-2013-6648 CONFIRM CONFIRMsolarwinds -- log_and_event_managerSolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.2017-04-10not yet calculatedCVE-2017-7646 CONFIRMsolarwinds -- log_and_event_managerSolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.2017-04-10not yet calculatedCVE-2017-7647 CONFIRMsolarwinds -- log_and_event_managerIn SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.2017-04-12not yet calculatedCVE-2017-7722 MISC MISCsony -- camerasSONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device.2017-04-13not yet calculatedCVE-2016-7834 JVN CONFIRMsplunk -- enterprise *Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.2017-04-10not yet calculatedCVE-2017-5607 MISC FULLDISC BUGTRAQ BID BID SECTRACK EXPLOIT-DB CONFIRMsquashfs -- unsquash *(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.2017-04-13not yet calculatedCVE-2015-4646 MLIST BIDsudo -- sudosudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.2017-04-14not yet calculatedCVE-2016-7032 BID CONFIRM CONFIRMsymantec -- multiple_products *The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.2017-04-14not yet calculatedCVE-2016-5309 BID SECTRACK SECTRACK SECTRACK SECTRACK MISC EXPLOIT-DB CONFIRMsymantec -- multiple_products *The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.2017-04-14not yet calculatedCVE-2016-5310 BID SECTRACK SECTRACK SECTRACK SECTRACK MISC EXPLOIT-DB CONFIRMsymantec -- symantec_messaging_gatewayDirectory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.2017-04-14not yet calculatedCVE-2016-5312 MISC FULLDISC BID SECTRACK CONFIRM EXPLOIT-DBsymantec -- symantec_web_gatewaySymantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.2017-04-12not yet calculatedCVE-2016-5313 MISC FULLDISC BID SECTRACK CONFIRMsymphony -- symphony_cms *Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.2017-04-11not yet calculatedCVE-2017-7694 MISC BID MISC MISCsynology -- photo_stationSynology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.2017-04-10not yet calculatedCVE-2016-10322 MISC MISCsynology -- photo_stationSynology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.2017-04-10not yet calculatedCVE-2016-10323 MISC MISCteampass -- teampassMultiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.2017-04-12not yet calculatedCVE-2015-7564 CONFIRM EXPLOIT-DBteampass -- teampassCross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.2017-04-12not yet calculatedCVE-2015-7563 MISC EXPLOIT-DBteampass -- teampassMultiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.2017-04-12not yet calculatedCVE-2015-7562 CONFIRM EXPLOIT-DBtrend_micro -- threat_discovery_applianceA command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.2017-04-12not yet calculatedCVE-2016-7547 BID MISCtrend_micro -- threat_discovery_applianceOn the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.2017-04-12not yet calculatedCVE-2016-7552 BID MISCtrollpierre/tdm -- trollpierre/tdm *trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).2017-04-14not yet calculatedCVE-2017-7871 CONFIRM CONFIRMubuntu -- ubuntu *The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.2017-04-14not yet calculatedCVE-2016-0727 MISC BID SECTRACK UBUNTU CONFIRM CONFIRMumbraco -- umbraco *The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.2017-04-13not yet calculatedCVE-2012-1301 BUGTRAQ BID MISCunisys -- s-par *Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.2017-04-11not yet calculatedCVE-2017-5873 CONFIRMunitrends -- enterprise_backup *An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.2017-04-12not yet calculatedCVE-2017-7279 MISCunitrends -- enterprise_backup *An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.2017-04-12not yet calculatedCVE-2017-7281 MISCunitrends -- enterprise_backup *An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.2017-04-12not yet calculatedCVE-2017-7284 MISCunitrends -- enterprise_backup *An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable.2017-04-12not yet calculatedCVE-2017-7280 MISCvtiger -- vtiger_crm *Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.2017-04-14not yet calculatedCVE-2016-1713 MISC MLIST MLISTwebmin -- userminMultiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.2017-04-12not yet calculatedCVE-2016-4897 JVN JVNDB BIDwireshark -- wiresharkIn Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector.2017-04-12not yet calculatedCVE-2016-7958 BID CONFIRM CONFIRM CONFIRMwireshark -- wiresharkIn Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings.2017-04-12not yet calculatedCVE-2016-7957 BID CONFIRM CONFIRM CONFIRMwireshark -- wireshark *In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.2017-04-12not yet calculatedCVE-2017-7702 BID CONFIRM CONFIRM CONFIRMwireshark -- wireshark *In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.2017-04-12not yet calculatedCVE-2017-7705 BID CONFIRM CONFIRM CONFIRMwireshark -- wireshark *In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.2017-04-12not yet calculatedCVE-2017-7701 BID CONFIRM CONFIRM CONFIRMwireshark -- wireshark *In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.2017-04-12not yet calculatedCVE-2017-7700 BID CONFIRM CONFIRM CONFIRMwireshark -- wireshark *In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.2017-04-12not yet calculatedCVE-2017-7703 BID CONFIRM CONFIRM CONFIRMwireshark -- wireshark *In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.2017-04-12not yet calculatedCVE-2017-7745 BID CONFIRM CONFIRM CONFIRMwireshark -- wireshark *In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.2017-04-12not yet calculatedCVE-2017-7704 BID CONFIRM CONFIRM CONFIRM CONFIRMwireshark -- wireshark *In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.2017-04-12not yet calculatedCVE-2017-7747 BID CONFIRM CONFIRM CONFIRMwireshark -- wireshark *In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.2017-04-12not yet calculatedCVE-2017-7748 BID CONFIRM CONFIRM CONFIRMwireshark -- wireshark *In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.2017-04-12not yet calculatedCVE-2017-7746 BID CONFIRM CONFIRM CONFIRMwolf_cms -- wolf_cms *Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.2017-04-14not yet calculatedCVE-2015-6568 MISC MISC MISC CONFIRM CONFIRMwolf_cms -- wolf_cms *Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality.2017-04-14not yet calculatedCVE-2015-6567 MISC MISC MISC CONFIRM CONFIRMwordpress -- wordpress *SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.2017-04-12not yet calculatedCVE-2017-7719 MISCzoho -- manageengine_servicedesk_plusCross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-14not yet calculatedCVE-2016-4888 JVN JVNDB BIDzoho -- manageengine_servicedesk_plusZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.2017-04-14not yet calculatedCVE-2016-4889 JVN JVNDB BIDzoho -- manageengine_servicedesk_plusZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generationg cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.2017-04-14not yet calculatedCVE-2016-4890 JVN JVNDB BIDzurmo -- zurmo *Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.2017-04-14not yet calculatedCVE-2017-7188 MISC MISCBack to top This product is provided subject to this Notification and this Privacy & Use policy. More... |
Sponsored Links |
|