The Patriot Files Forums  

Posted 04-25-2017, 12:38 PM by The Patriot

SB17-114: Vulnerability Summary for the Week of April 17, 2017

04-24-2017 04:11 AM

Original release date: April 24, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| apache -- tomcat | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. | 2017-04-17 | 7.5 | CVE-2017-5651, BID, CONFIRM, MLIST |
| apache -- traffic_server | Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | 2017-04-17 | 7.8 | CVE-2016-5396, CONFIRM |
| canonical -- ubuntu_linux | The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup. | 2017-04-14 | 7.2 | CVE-2016-0727, MISC, BID, SECTRACK, UBUNTU, CONFIRM, CONFIRM |
| ffmpeg -- ffmpeg | FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. | 2017-04-14 | 7.5 | CVE-2017-7859, BID, MISC |
| ffmpeg -- ffmpeg | FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. | 2017-04-14 | 7.5 | CVE-2017-7862, BID, MISC, MISC |
| ffmpeg -- ffmpeg | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. | 2017-04-14 | 7.5 | CVE-2017-7863, BID, MISC, MISC |
| ffmpeg -- ffmpeg | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. | 2017-04-14 | 7.5 | CVE-2017-7865, BID, MISC, MISC |
| ffmpeg -- ffmpeg | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. | 2017-04-14 | 7.5 | CVE-2017-7866, BID, MISC, MISC |
| flatcore -- flatcore-cms | SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | 2017-04-14 | 7.5 | CVE-2017-7878, CONFIRM |
| freetype -- freetype2 | FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. | 2017-04-14 | 7.5 | CVE-2016-10328, MISC, MISC, BID, MISC |
| freetype -- freetype2 | FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. | 2017-04-14 | 7.5 | CVE-2017-7857, MISC, BID, MISC |
| freetype -- freetype2 | FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. | 2017-04-14 | 7.5 | CVE-2017-7858, MISC, BID, MISC |
| freetype -- freetype2 | FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. | 2017-04-14 | 7.5 | CVE-2017-7864, MISC, BID, MISC |
| google -- android | Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices. | 2017-04-17 | 10.0 | CVE-2016-6726, BID, CONFIRM |
| grpc -- grpc | Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c. | 2017-04-14 | 7.5 | CVE-2017-7860, BID, MISC, MISC |
| grpc -- grpc | Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. | 2017-04-14 | 7.5 | CVE-2017-7861, BID, MISC, MISC |
| ibm -- spectrum_lsf | IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. | 2017-04-14 | 7.2 | CVE-2017-1205, MISC, BID |
| libreoffice -- libreoffice | LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. | 2017-04-14 | 7.5 | CVE-2016-10327, BID, MISC, MISC |
| libreoffice -- libreoffice | LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. | 2017-04-14 | 7.5 | CVE-2017-7856, BID, MISC, MISC |
| libreoffice -- libreoffice | LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. | 2017-04-14 | 7.5 | CVE-2017-7870, BID, MISC, MISC |
| libreoffice -- libreoffice | LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. | 2017-04-15 | 7.5 | CVE-2017-7882, BID, MISC, MISC |
| linux -- linux_kernel | The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. | 2017-04-18 | 7.8 | CVE-2017-7645, MISC, MISC |
| linux -- linux_kernel | The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | 2017-04-16 | 7.2 | CVE-2017-7889, MISC, MISC, BID, MISC |
| proxifier -- proxifier_for_mac | Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program. | 2017-04-14 | 7.2 | CVE-2017-7643, FULLDISC, MISC |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| apache -- tomcat | A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. | 2017-04-17 | 5.0 | CVE-2017-5647, MLIST |
| apache -- tomcat | While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. | 2017-04-17 | 6.4 | CVE-2017-5648, BID, MLIST |
| apache -- tomcat | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads. | 2017-04-17 | 5.0 | CVE-2017-5650, BID, MLIST |
| apache -- traffic_server | Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | 2017-04-17 | 5.0 | CVE-2017-5659, CONFIRM |
| artifex -- ghostscript | The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. | 2017-04-14 | 6.8 | CVE-2016-8602, CONFIRM, MLIST, MLIST, BID, CONFIRM, CONFIRM, CONFIRM |
| bigtreecms -- bigtree_cms | BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14. | 2017-04-15 | 6.8 | CVE-2017-7881, MISC |
| bitrix_project -- bitrix | Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php. | 2017-04-14 | 6.0 | CVE-2015-8356, MISC, BUGTRAQ, BID, MISC |
| cybozu -- office | The "Project" function in Cybozu 9.0.0 through 10.4.0 allows remote authenticated users to read closed project information. | 2017-04-17 | 4.0 | CVE-2016-4867, JVN, JVNDB, BID, CONFIRM |
| cybozu -- office | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject arbitrary email headers. | 2017-04-17 | 4.3 | CVE-2016-4868, JVN, JVNDB, BID, CONFIRM |
| cybozu -- office | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain session information from users. | 2017-04-17 | 4.3 | CVE-2016-4869, JVN, JVNDB, BID, CONFIRM |
| cybozu -- office | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. | 2017-04-17 | 6.8 | CVE-2016-4871, JVN, JVNDB, BID, CONFIRM |
| cybozu -- office | The "breadcrumb trail" component in Cybozu Office 9.0.0 through 10.4.0 allows remote authenticated users to read the names of closed projects. | 2017-04-17 | 4.0 | CVE-2016-4872, JVN, JVNDB, BID, CONFIRM |
| cybozu -- office | The "Project" function in Cybozu Office 9.0.0 through 10.4.0 does not properly check access permissions, which allows remote authenticated users to alter project information. | 2017-04-17 | 4.0 | CVE-2016-4873, JVN, JVNDB, BID, CONFIRM |
| databox_project -- databox_plugin | Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-14 | 4.3 | CVE-2016-4875, JVN, JVNDB, BID, CONFIRM, CONFIRM |
| flatcore -- flatcore-cms | CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. | 2017-04-14 | 6.8 | CVE-2017-7877, BID, CONFIRM |
| flatcore -- flatcore-cms | SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | 2017-04-14 | 5.0 | CVE-2017-7879, CONFIRM |
| ibm -- cognos_business_intelligence | IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612. | 2017-04-17 | 5.0 | CVE-2016-3036, CONFIRM, BID |
| ibm -- financial_transaction_manager | IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293. | 2017-04-14 | 4.0 | CVE-2017-1152, CONFIRM |
| ibm -- marketing_platform | IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236. | 2017-04-17 | 4.9 | CVE-2016-0228, CONFIRM, BID |
| ibm -- tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538. | 2017-04-14 | 6.8 | CVE-2016-8925, CONFIRM, BID |
| ibm -- tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539. | 2017-04-14 | 4.0 | CVE-2016-8926, CONFIRM |
| imagemagick -- imagemagick | coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. | 2017-04-19 | 4.3 | CVE-2014-9907, MLIST, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| imagemagick -- imagemagick | The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | 2017-04-18 | 4.3 | CVE-2017-7941, BID, CONFIRM |
| imagemagick -- imagemagick | The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | 2017-04-18 | 4.3 | CVE-2017-7942, BID, CONFIRM |
| imagemagick -- imagemagick | The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | 2017-04-18 | 4.3 | CVE-2017-7943, CONFIRM |
| mantisbt -- mantisbt | MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | 2017-04-16 | 6.5 | CVE-2017-7615, MISC, MISC, BID, CONFIRM |
| mongodb -- mongodb | mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. | 2017-04-14 | 5.0 | CVE-2016-3104, BID, CONFIRM, CONFIRM |
| moxa -- mxview | Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control. | 2017-04-14 | 5.0 | CVE-2017-7455, MISC, MISC, FULLDISC |
| moxa -- mxview | Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials. | 2017-04-14 | 5.0 | CVE-2017-7456, MISC, FULLDISC |
| palo_alto_networks -- traps | Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. | 2017-04-14 | 5.0 | CVE-2017-7408, BID, CONFIRM, CONFIRM |
| paloaltonetworks -- pan-os | The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters. | 2017-04-14 | 4.0 | CVE-2017-7217, BID, CONFIRM |
| paloaltonetworks -- pan-os | The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters. | 2017-04-14 | 4.6 | CVE-2017-7218, BID, CONFIRM |
| radare -- radare2 | The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file. | 2017-04-18 | 4.3 | CVE-2017-7946, CONFIRM, CONFIRM |
| sap -- netweaver | SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. | 2017-04-14 | 6.5 | CVE-2017-7717, BID, MISC |
| symantec -- messaging_gateway | Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. | 2017-04-14 | 4.0 | CVE-2016-5312, MISC, FULLDISC, BID, SECTRACK, CONFIRM, EXPLOIT-DB |
| wolfcms -- wolf_cms | Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality. | 2017-04-14 | 6.5 | CVE-2015-6567, MISC, MISC, MISC, CONFIRM, CONFIRM |
| wolfcms -- wolf_cms | Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality. | 2017-04-14 | 6.5 | CVE-2015-6568, MISC, MISC, MISC, CONFIRM, CONFIRM |
| zohocorp -- servicedesk_plus | ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions. | 2017-04-14 | 6.5 | CVE-2016-4889, JVN, JVNDB, BID |
| zohocorp -- servicedesk_plus | ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie. | 2017-04-14 | 5.0 | CVE-2016-4890, JVN, JVNDB, BID |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| cybozu -- office | Cross-site scripting (XSS) vulnerability in the "Customapp" function in Cybozu Office 9.0.0 through 10.4.0. | 2017-04-17 | 3.5 | CVE-2016-4865, JVN, JVNDB, BID, CONFIRM |
| cybozu -- office | Cross-site scripting (XSS) vulnerability in the "Project" function in Cybozu Office 9.0.0 through 10.4.0. | 2017-04-17 | 3.5 | CVE-2016-4866, JVN, JVNDB, BID, CONFIRM |
| cybozu -- office | Cross-site scripting (XSS) vulnerability in "Schedule" function in Cybozu Office 9.0.0 through 10.4.0. | 2017-04-17 | 3.5 | CVE-2016-4870, JVN, JVNDB, BID, CONFIRM |
| cybozu -- office | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. | 2017-04-17 | 3.5 | CVE-2016-4874, JVN, JVNDB, BID, CONFIRM |
| ibm -- cognos_business_intelligence | IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613. | 2017-04-17 | 3.5 | CVE-2016-3037, CONFIRM, BID |
| ibm -- cognos_business_intelligence | IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614. | 2017-04-17 | 3.5 | CVE-2016-3038, CONFIRM, BID |
| ibm -- tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540. | 2017-04-14 | 3.5 | CVE-2016-8927, CONFIRM, BID |
| moxa -- mx-aopc_server | XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. | 2017-04-14 | 1.9 | CVE-2017-7457, MISC, FULLDISC |
| zohocorp -- servicedesk_plus | Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-14 | 3.5 | CVE-2016-4888, JVN, JVNDB, BID |
| zurmo -- zurmo_crm | Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. | 2017-04-14 | 3.5 | CVE-2017-7188, BID, MISC, MISC |

Severity Not Yet Assigned

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info105_bank -- 105_bank_app
*The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-21not yet calculatedCVE-2016-1210
JVN
JVNDBakerun -- smart_lock_robot_app
*Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.2017-04-21not yet calculatedCVE-2016-1148
JVN
JVNDB
CONFIRMapache -- batik
*In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.2017-04-18not yet calculatedCVE-2017-5662
CONFIRMapache -- cxf
*JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.2017-04-18not yet calculatedCVE-2017-5653
CONFIRMapache -- cxf
*Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.2017-04-18not yet calculatedCVE-2017-5656
CONFIRMapache -- fop
*In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.2017-04-18not yet calculatedCVE-2017-5661
CONFIRMapache -- log4j
*In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.2017-04-17not yet calculatedCVE-2017-5645
BID
CONFIRMapple -- operating_systems
*Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-04-20not yet calculatedCVE-2016-4650
BID
MISC
CONFIRM
CONFIRM
CONFIRMarm_holdings -- mbed_TLS
*An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.2017-04-20not yet calculatedCVE-2017-2784
MISC
CONFIRMartifex -- artifex
*Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.2017-04-16not yet calculatedCVE-2017-7885
MISCartifex -- ghostscript
*Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document.2017-04-19not yet calculatedCVE-2017-7948
CONFIRM
CONFIRMartifex -- jbig2dec
*Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code.2017-04-19not yet calculatedCVE-2017-7975
MISCartifex -- jbig2dec
*Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory.2017-04-19not yet calculatedCVE-2017-7976
MISCasterisk -- asterisk
*chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).2017-04-17not yet calculatedCVE-2016-7551
CONFIRM
DEBIAN
MISC
CONFIRM
MISCaxis_communications -- network_cameras
*Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.2017-04-17not yet calculatedCVE-2015-8256
MISC
BID
EXPLOIT-DBblackberry -- blackberry
*The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel.2017-04-21not yet calculatedCVE-2016-2433
CONFIRMc/c++ -- c/c++
*International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.2017-04-14not yet calculatedCVE-2017-7868
MISC
BID
MISCc/c++ -- c/c++
*International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.2017-04-14not yet calculatedCVE-2017-7867
MISC
BID
MISCcisco -- adaptive_security_appliance_softwareA vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information. Note: Only traffic directed to the affected device can be used to exploit this vulnerability. This vulnerability affects Cisco ASA Software configured in routed or transparent firewall mode and single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.12) 9.2(4.18) 9.4(3.12) 9.5(3.2) 9.6(2.2). Cisco Bug IDs: CSCvb40898.2017-04-20not yet calculatedCVE-2017-6607
BID
CONFIRMcisco -- adaptive_security_appliance_software
*A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition. Cisco Bug IDs: CSCvb46321.2017-04-20not yet calculatedCVE-2017-3793
BID
CONFIRMcisco -- adaptive_security_appliance_software
*A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid IKEv1 Phase 1 needs to be established to exploit this vulnerability, which means that an attacker would need to have knowledge of a pre-shared key or have a valid certificate for phase 1 authentication. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.7) 9.2(4.11) 9.4(4) 9.5(3) 9.6(1.5). Cisco Bug IDs: CSCuz11685.2017-04-20not yet calculatedCVE-2017-6610
BID
CONFIRM

cisco -- adaptive_security_appliance_software
A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is needed to exploit this vulnerability. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 8.4(7.31) 9.0(4.39) 9.1(7) 9.2(4.6) 9.3(3.8) 9.4(2) 9.5(2). Cisco Bug IDs: CSCuv48243.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-6608
BID
CONFIRM

cisco -- adaptive_security_appliance_software
A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. An attacker needs to establish a valid IPsec tunnel before exploiting this vulnerability. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.8) 9.2(4.15) 9.4(4) 9.5(3.2) 9.6(2). Cisco Bug IDs: CSCun16158.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-6609
BID
CONFIRM

cisco -- findit_network_probe_software
A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control (RBAC) for file-download requests that are sent to the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to download and view any system file by using the affected software. Cisco Bug IDs: CSCvd11628.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-6614
BID
CONFIRM

cisco -- firepower_system_software
A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability affects Cisco Firepower System Software that has one or more file action policies configured and is running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services; Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls; Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances; Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances; Firepower 4100 Series Security Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Series Security Appliances; FirePOWER Threat Defense for Integrated Services Routers (ISRs); Industrial Security Appliance 3000; Sourcefire 3D System Appliances; Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Fixed versions: 5.4.0.10 5.4.1.9 6.0.1.3 6.1.0 6.2.0. Cisco Bug IDs: CSCuz00876.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-6368
BID
CONFIRM

cisco -- integrated_management_controller
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-6616
BID
CONFIRM

cisco -- integrated_management_controller
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-6619
BID
CONFIRM

cisco -- integrated_management_controller
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-6617
BID
CONFIRM

cisco -- integrated_management_controller
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system. Cisco Bug IDs: CSCvd14587.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-6618
BID
CONFIRM

cisco -- ios_ios_xe
Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCut47751.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-3861
BID
CONFIRM

cisco -- ios_ios_xe
Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCur29331.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-3860
BID
CONFIRM

cisco -- ios_ios_xe
Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCut50727.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-3863
BID
CONFIRM

cisco -- ios_ios_xe
Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCuu76493.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-3862
BID
CONFIRM

cisco -- ios_xe
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-6615
BID
CONFIRM

cisco -- prime
A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCuw65830.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-6611
BID
CONFIRM

cisco -- prime
A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete DNS packet header validation when the packet is received by the application. An attacker could exploit this vulnerability by sending a malformed DNS packet to the application. An exploit could allow the attacker to cause the DNS process to restart, which could lead to a DoS condition. This vulnerability affects Cisco Prime Network Registrar on all software versions prior to 8.3.5. Cisco Bug IDs: CSCvb55412.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-6613
BID
CONFIRM

cisco -- unified_communications_manager
A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-3808
BID
CONFIRM

cloud_foundry -- cloud_controller
The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-4969
CONFIRM

craft_cms -- craft_cms
Craft CMS before 2.6.2974 allows XSS attacks.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2017-8052
CONFIRM
CONFIRM

cybozu -- cybozu_kunai_app
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-1187
JVN
JVNDB
CONFIRM
CONFIRM

cybozu -- garoon
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-1215
JVN
JVNDB
BID
CONFIRM

cybozu -- garoon
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-1214
JVN
JVNDB
BID
CONFIRM

cybozu -- garoon
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-1194
JVN
JVNDB
CONFIRM

cybozu -- garoon
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-1217
JVN
JVNDB
BID
CONFIRM

cybozu -- garoon
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-1213
JVN
JVNDB
BID
CONFIRM

cybozu -- garoon
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-1216
JVN
JVNDB
BID
CONFIRM

cybozu -- garoon
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-1218
JVN
JVNDB
BID
CONFIRM

cybozu -- garoon
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-1219
JVN
JVNDB
BID
CONFIRM

cybozu -- garoon
Cybozu Garoon before 4.2.2 does not properly restrict access.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-1220
JVN
JVNDB
BID
CONFIRM

cybuzo -- mailwise
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-4844
JVN
JVNDB
BID
CONFIRM

cybuzo -- mailwise
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-4843
JVN
JVNDB
BID
CONFIRM

cybuzo -- mailwise
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-4842
JVN
JVNDB
BID
CONFIRM

cybuzo -- mailwise
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-4841
JVN
JVNDB
BID
CONFIRM

cygwin -- cygwin
Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-3067
MLIST
MLIST
MLIST
MLIST
CONFIRM

d-link -- wireless_range_extender_hardware
D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-1559
MISC
FULLDISC
CONFIRM

d-link -- wireless_range_extenders
Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-1558
MISC
FULLDISC
CONFIRM

dmitry -- dmitry
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-7938
MISC
MISC

drupal -- drupal
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
Published: 2017-04-19 | CVSS Score: not yet calculated | CVE-2017-6919
BID
CONFIRM

exagrid -- firmware
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-1560
MISC
MISC
MISC

exagrid -- firmware
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-1561
MISC
MISC
MISC

exponent_cms -- exponent_cms
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2017-7991
MISC
MISC
MISC

feh -- feh
In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.
Published: 2017-04-14 | CVSS Score: not yet calculated | CVE-2017-7875
BID
CONFIRM
CONFIRM

firewalld -- firewalld
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
Published: 2017-04-19 | CVSS Score: not yet calculated | CVE-2016-5410
REDHAT
CONFIRM
MLIST
BID
CONFIRM
FEDORA
FEDORA
GENTOO

geeklog -- geeklog_ivywe
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-4849
JVN
JVNDB
BID
CONFIRM
CONFIRM
CONFIRM

gnutls -- gnutls
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
Published: 2017-04-14 | CVSS Score: not yet calculated | CVE-2017-7869
BID
MISC
MISC
CONFIRM

google -- android
Android allows users to cause a denial of service.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-0833
MISC

google -- android
The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code.
Published: 2017-04-17 | CVSS Score: not yet calculated | CVE-2016-6727
CONFIRM
BID
CONFIRM

google -- android
DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-4829
JVN
JVNDB

google -- android
DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-4818
CONFIRM
JVN
JVNDB
CONFIRM
CONFIRM

google -- android
WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-4832
JVN
JVNDB
BID

grandstream -- grandstream_wave_app
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-1519
MISC
BUGTRAQ
MISC

grandstream -- grandstream_wave_app
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-1520
MISC
BUGTRAQ
MISC

grandstream -- grandstream_wave_app
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2016-1518
MISC
BUGTRAQ
MISC

hancom -- hancom_office
Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-4293
BID
MISC

heartland_payment_systems -- heartland_payment_systems
Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter.
Published: 2017-04-21 | CVSS Score: not yet calculated | CVE-2017-7992
MISC

hipchat -- hipchat
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.
Published: 2017-04-14 | CVSS Score: not yet calculated | CVE-2017-7357
BUGTRAQ
BID
CONFIRM
CONFIRM

ibm -- api_connect
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956.
Published: 2017-04-17 | CVSS Score: not yet calculated | CVE-2017-1161
CONFIRM
BID

ibm -- curam_social_program_management
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-8923
CONFIRM

ibm -- curam_social_program_management
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-9979
CONFIRM

ibm -- curam_social_program_management
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-9978
CONFIRM

ibm -- curam_social_program_management
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-9980
CONFIRM

ibm -- financial_transition_manager
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892.
Published: 2017-04-17 | CVSS Score: not yet calculated | CVE-2017-1160
CONFIRM
BID

ibm -- security_guardium
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2017-1122
CONFIRM

imagemagick -- imagemagick
magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-7536
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-7521
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.
Published: 2017-04-19 | CVSS Score: not yet calculated | CVE-2016-7537
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
Published: 2017-04-19 | CVSS Score: not yet calculated | CVE-2016-7519
MLIST
BID
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2015-8959
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
Published: 2017-04-19 | CVSS Score: not yet calculated | CVE-2016-7522
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.
Published: 2017-04-19 | CVSS Score: not yet calculated | CVE-2016-7529
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-7527
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-7530
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
Published: 2017-04-19 | CVSS Score: not yet calculated | CVE-2016-7528
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-7526
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-7538
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-7540
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-7535
MLIST
BID
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-7534
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
Published: 2017-04-20 | CVSS Score: not yet calculated | CVE-2016-7532
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.
Published: 2017-04-19 | CVSS Score: not yet calculated | CVE-2016-7533
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
*MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.
2017-04-19
not yet calculated
CVE-2016-7531
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
*Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
2017-04-20
not yet calculated
CVE-2016-7525
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
*The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
2017-04-20
not yet calculated
CVE-2016-7514
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
*Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors.
2017-04-20
not yet calculated
CVE-2016-7513
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
*Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.
2017-04-20
not yet calculated
CVE-2015-8957
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
*coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.
2017-04-20
not yet calculated
CVE-2016-5010
CONFIRM
CONFIRM
imagemagick -- imagemagick
*The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.
2017-04-19
not yet calculated
CVE-2016-7515
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
*coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.
2017-04-20
not yet calculated
CVE-2015-8958
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
*The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file.
2017-04-20
not yet calculated
CVE-2016-7516
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
*Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.
2017-04-20
not yet calculated
CVE-2016-7520
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
*The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file.
2017-04-20
not yet calculated
CVE-2016-7518
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
*The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file.
2017-04-20
not yet calculated
CVE-2016-7517
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imageworsener -- imageworsener
*The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.
2017-04-18
not yet calculated
CVE-2017-7940
CONFIRM
imageworsener -- imageworsener
*The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
2017-04-19
not yet calculated
CVE-2017-7962
MISC
MISC
MISC
imageworsener -- imageworsener
*The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file.
2017-04-18
not yet calculated
CVE-2017-7939
CONFIRM
irregex -- irregex
*The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern.
2017-04-21
not yet calculated
CVE-2016-9954
MLIST
BID
CONFIRM
CONFIRM
jackson -- jackson
*XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
2017-04-14
not yet calculated
CVE-2016-7051
BID
CONFIRM
jetstar -- jetstar_app
*Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
2017-04-21
not yet calculated
CVE-2016-1221
JVN
JVNDB
kintone -- kintone_mobile_app
*Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.
2017-04-21
not yet calculated
CVE-2016-1186
JVN
JVNDB
CONFIRM
lexmark -- perceptive_document_filters
*An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to an arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400.
2017-04-20
not yet calculated
CVE-2017-2806
MISC
lhasa_limited -- lhasa
*Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.
2017-04-21
not yet calculated
CVE-2016-2347
SUSE
SUSE
DEBIAN
MISC
CONFIRM
CONFIRM
libcroco -- libcroco
*The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.
2017-04-19
not yet calculated
CVE-2017-7960
MISC
MISC
libcroco -- libcroco
*The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file.
2017-04-19
not yet calculated
CVE-2017-7961
MISC
MISC
libplist -- libplist
*Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.
2017-04-20
not yet calculated
CVE-2017-7982
CONFIRM
linux -- linux_kernel
*The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.
2017-04-19
not yet calculated
CVE-2017-7979
MISC
MISC
MISC
MISC
MISC
MISC
MISC
manageengine -- password_manager_pro
*Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500).
2017-04-20
not yet calculated
CVE-2016-1161
MISC
BID
MISC
mantisbt -- mantisbt
*A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
2017-04-18
not yet calculated
CVE-2017-7897
CONFIRM
CONFIRM
CONFIRM
mediawiki -- mediawiki
*MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
2017-04-20
not yet calculated
CVE-2016-6335
CONFIRM
MLIST
CONFIRM
CONFIRM
mediawiki -- mediawiki
*ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.
2017-04-20
not yet calculated
CVE-2016-6331
CONFIRM
MLIST
CONFIRM
mediawiki -- mediawiki
*MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.
2017-04-20
not yet calculated
CVE-2016-6337
MLIST
CONFIRM
mediawiki -- mediawiki
*Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.
2017-04-20
not yet calculated
CVE-2016-6334
CONFIRM
MLIST
CONFIRM
mediawiki -- mediawiki
*MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
2017-04-20
not yet calculated
CVE-2016-6336
CONFIRM
MLIST
CONFIRM
mediawiki -- mediawiki
*Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.
2017-04-20
not yet calculated
CVE-2016-6333
CONFIRM
MLIST
CONFIRM
mediawiki -- mediawiki
*MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.
2017-04-20
not yet calculated
CVE-2016-6332
CONFIRM
MLIST
CONFIRM
microsoft -- windows
*LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code.
2017-04-20
not yet calculated
CVE-2016-4850
JVN
JVNDB
BID
CONFIRM
moodle -- moodle
*Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read.
2017-04-20
not yet calculated
CVE-2016-3734
CONFIRM
MLIST
BID
SECTRACK
CONFIRM
moodle -- moodle
*The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
2017-04-20
not yet calculated
CVE-2016-3733
CONFIRM
MLIST
SECTRACK
CONFIRM
moodle -- moodle
*Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions.
2017-04-20
not yet calculated
CVE-2016-3731
MLIST
SECTRACK
CONFIRM
moodle -- moodle
*The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.
2017-04-20
not yet calculated
CVE-2016-3732
MLIST
SECTRACK
CONFIRM
moodle -- moodle
*The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.
2017-04-20
not yet calculated
CVE-2016-3729
MLIST
SECTRACK
CONFIRM
moxa -- awk-3131a_wireless_access_point_firmware
*An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely.
2017-04-20
not yet calculated
CVE-2016-8721
MISC
netgear -- wireless_access_points
*Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.
2017-04-21
not yet calculated
CVE-2016-1557
MISC
FULLDISC
CONFIRM
netgear -- wireless_access_points
*Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.
2017-04-21
not yet calculated
CVE-2016-1556
MISC
FULLDISC
CONFIRM
netgear -- wireless_access_points
*(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
2017-04-21
not yet calculated
CVE-2016-1555
MISC
FULLDISC
CONFIRM
netiq -- access_manager
*NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
2017-04-20
not yet calculated
CVE-2017-5183
CONFIRM
netiq -- access_manager
*NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.
2017-04-20
not yet calculated
CVE-2017-5190
CONFIRM
novell -- novell_groupwise
Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.
2017-04-20
not yet calculated
CVE-2016-5762
MISC
FULLDISC
BUGTRAQ
BID
CONFIRM
MISC
novell -- novell_groupwise
*Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.
2017-04-20
not yet calculated
CVE-2016-5760
MISC
FULLDISC
BUGTRAQ
BID
CONFIRM
MISC
novell -- novell_groupwise
*Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.
2017-04-20
not yet calculated
CVE-2016-5761
MISC
FULLDISC
BUGTRAQ
BID
CONFIRM
MISC
openmrs -- openmrs
*The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.
2017-04-20
not yet calculated
CVE-2017-7990
MISC
MISC
openstack -- manila
*Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
2017-04-21
not yet calculated
CVE-2016-6519
REDHAT
REDHAT
REDHAT
MLIST
BID
CONFIRM
CONFIRM
opentext -- documentum
*OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4532.
2017-04-20
not yet calculated
CVE-2017-7220
MISC
MISC
MISC
opera -- opera_web_browser
*Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.
2017-04-20
not yet calculated
CVE-2016-4075
MISC
ossec -- ossec_web_user_interface
*Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex.
2017-04-20
not yet calculated
CVE-2016-4847
JVN
JVNDB
BID
CONFIRM
ovirt -- ovirt_engine
*oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
2017-04-20
not yet calculated
CVE-2016-6341
BID
CONFIRM
CONFIRM
CONFIRM
palo_alto_networks -- pan_os
*Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674.
2017-04-20
not yet calculated
CVE-2017-7409
CONFIRM
pcs_software -- pcs
*Session fixation vulnerability in pcsd in pcs before 0.9.157.
2017-04-21
not yet calculated
CVE-2016-0721
FEDORA
FEDORA
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
pcs_software -- pcs
*Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
2017-04-21
not yet calculated
CVE-2016-0720
FEDORA
FEDORA
REDHAT
CONFIRM
CONFIRM
photopt -- photopt_app
*Photopt for Android before 2.0.1 does not verify SSL certificates.
2017-04-21
not yet calculated
CVE-2016-1198
JVN
JVNDB
CONFIRM
php -- php
*The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
2017-04-21
not yet calculated
CVE-2016-5399
MISC
CONFIRM
CONFIRM
FULLDISC
MLIST
BUGTRAQ
BID
SECTRACK
CONFIRM
CONFIRM
EXPLOIT-DB
phusionpassenger -- phusionpassenger
*In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
2017-04-18
not yet calculated
CVE-2016-10345
CONFIRM
CONFIRM
podpfo -- podpfo
PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).
2017-04-22
not yet calculated
CVE-2017-8053
MISC
MISC
podpfo -- podpfo
*The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
2017-04-21
not yet calculated
CVE-2017-7994
MISC
MISC
podpfo -- podpfo
*The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.
2017-04-22
not yet calculated
CVE-2017-8054
MISC
qemu -- qemu
*hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
2017-04-20
not yet calculated
CVE-2017-7718
CONFIRM
MLIST
CONFIRM
quest_software -- privilege_manager
*pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.
2017-04-14
not yet calculated
CVE-2017-6554
MISC
BID
EXPLOIT-DB
quickheal -- quickheal
*The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service.
2017-04-20
not yet calculated
CVE-2015-8285
EXPLOIT-DB
red_hat -- cloudforms_management_engine
*Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.
2017-04-21
not yet calculated
CVE-2016-3702
CONFIRM
red_hat -- enterprise_virtualization_manager
*ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.
2017-04-20
not yet calculated
CVE-2016-6338
BID
CONFIRM
red_hat -- jboss_brms
*Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page.
2017-04-20
not yet calculated
CVE-2016-5401
CONFIRM
red_hat -- openshift_enterprise_2
*Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
2017-04-20
not yet calculated
CVE-2016-5409
CONFIRM
red_hat -- quickstart_cloud_installer
*The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.
2017-04-14
not yet calculated
CVE-2016-7060
BID
REDHAT
CONFIRM
resteasy -- resteasy
*Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2017-04-20
not yet calculated
CVE-2016-6347
BID
CONFIRM
ruby -- ruby
*The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.
2017-04-19
not yet calculated
CVE-2013-7463
MISC
samsung -- android
*Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290.
2017-04-19
not yet calculated
CVE-2017-7978
CONFIRM
sandstorm -- cap'n_proto
*Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message.
2017-04-17
not yet calculated
CVE-2017-7892
CONFIRM
schneider_electric -- wonderware_intouch_access_anywhere
*An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.
2017-04-20
not yet calculated
CVE-2017-5160
MISC
BID
MISC
schneider_electric -- wonderware_intouch_access_anywhere
*An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
2017-04-20
not yet calculated
CVE-2017-5158
MISC
BID
MISC
schneider_electric -- wonderware_intouch_access_anywhere
*A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user.
2017-04-20
not yet calculated
CVE-2017-5156
MISC
BID
MISC
securebrain -- phishwall_client
*Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2.
2017-04-21
not yet calculated
CVE-2016-4846
JVN
JVNDB
CONFIRM
BID
shopware -- shopware
*The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.
2017-04-21
not yet calculated
CVE-2016-3109
MISC
BUGTRAQ
CONFIRM
skia -- skia
*Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.
2017-04-21
not yet calculated
CVE-2016-5168
CONFIRM
CONFIRM
MISC
sourcebans-pp -- sourcebans-pp
*sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter.
2017-04-17
not yet calculated
CVE-2017-7891
BID
MISC
spring_amqp -- spring_amqp
*org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.
2017-04-21
not yet calculated
CVE-2016-2173
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
squirrelmail -- squirrelmail
*SquirrelMail 1.4.22 allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting.
2017-04-20
not yet calculated
CVE-2017-7692
MISC
MISC
sushiro -- sushiro_app
*Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates.
2017-04-21
not yet calculated
CVE-2016-4830
JVN
JVNDB
BID
tenable -- appliance
*Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
2017-04-21
not yet calculated
CVE-2017-8051
CONFIRM
MISC
EXPLOIT-DB
tenable -- appliance
*Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.
2017-04-21
not yet calculated
CVE-2017-8050
CONFIRM
MISC
tenable -- nessus
*Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.
2017-04-19
not yet calculated
CVE-2017-7850
CONFIRM
tenable -- nessus
*Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.
2017-04-19
not yet calculated
CVE-2017-7849
CONFIRM
tokyo_star_bank -- tokyo_star_bank_app
*Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates.
2017-04-21
not yet calculated
CVE-2016-1184
JVN
JVNDB
CONFIRM
toshiba -- coordinate_plus_app
*Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates.
2017-04-21
not yet calculated
CVE-2016-4840
JVN
JVNDB
BID
trend_micro -- interscan_messaging_security_virtual_appliance
*Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
2017-04-18
not yet calculated
CVE-2017-7896
BID
CONFIRM
twigmo -- twigmo_for_cs-cart
*Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.
2017-04-20
not yet calculated
CVE-2016-4862
JVN
JVNDB
CONFIRM
BID
unitrends -- enterprise_backup
*An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php.
2017-04-19
not yet calculated
CVE-2017-7283
MISC
MISC
unitrends -- enterprise_backup
*An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI).
2017-04-19
not yet calculated
CVE-2017-7282
MISC
MISC
unrtf -- unrtf
*Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function.
2017-04-21
not yet calculated
CVE-2016-10091
CONFIRM
MLIST
MLIST
BID
CONFIRM
watchguard -- fireware
*WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new authenticated sessions until the process has recovered. The Firebox may also experience an overall degradation in performance while the wgagent process recovers. An attacker could continuously send XML-RPC requests that contain references to external entities to perform a limited Denial of Service (DoS) attack against an affected Firebox.
2017-04-22
not yet calculated
CVE-2017-8056
MISC
MISC
MISC
MISC
watchguard -- fireware
*WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox.
2017-04-22
not yet calculated
CVE-2017-8055
MISC
MISC
MISC
MISC
wondercms -- wondercms
*WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context.
2017-04-20
not yet calculated
CVE-2017-7951
CONFIRM
CONFIRM
zyxel -- wre6505
*Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.
2017-04-19
not yet calculated
CVE-2017-7964
MISC
This product is provided subject to this Notification and this Privacy & Use policy.