US CERT

Drupal Releases Security Updates

Original release date: April 19, 2017

Drupal has released an advisory to address a vulnerability in Drupal core 8.x versions prior to 8.2.8 and 8.3.1. A remote attacker could exploit this vulnerability to obtain sensitive information.

US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 8.2.8 or 8.3.1.

This product is provided subject to this Notification and this Privacy & Use policy.



Cisco Releases Security Updates

Original release date: April 19, 2017

Cisco has released updates to address several high-impact vulnerabilities affecting multiple products. These and other lower-impact vulnerabilities are listed at Cisco Security Advisories and Alerts. A remote attacker could exploit one of the high-impact vulnerabilities to cause a denial-of-service condition.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:


Mozilla Releases Security Updates

Original release date: April 19, 2017

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisories for Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 and apply the necessary updates.


Google Releases Security Updates for Chrome

Original release date: April 19, 2017

Google has released Chrome version 58.0.3029.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker may exploit to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates.


VMware Releases Security Updates

Original release date: April 18, 2017

VMware has released security updates to address vulnerabilities in Unified Access Gateway, Horizon View, and Workstation. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0008 and apply the necessary updates.


Oracle Releases Security Bulletin

Original release date: April 18, 2017

Oracle has released its Critical Patch Update for April 2017 to address 299 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle April 2017 Critical Patch Update and apply the necessary updates.


SB17-107: Vulnerability Summary for the Week of April 10, 2017

Original release date: April 17, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| amazon -- fire_os | Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv. | 2017-04-09 | 10.0 | CVE-2015-7292 MISC |
| atlassian -- jira | The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. | 2017-04-10 | 7.5 | CVE-2017-5983 MISC BID CONFIRM CONFIRM CERT-VN |
| axis -- axis_communications_firmware | AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." | 2017-04-09 | 7.8 | CVE-2015-8258 EXPLOIT-DB |
| botan_project -- botan | botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain. | 2017-04-10 | 7.8 | CVE-2015-7825 CONFIRM CONFIRM |
| botan_project -- botan | botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com. | 2017-04-10 | 7.5 | CVE-2015-7826 CONFIRM CONFIRM |
| botan_project -- botan | The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang. | 2017-04-10 | 7.5 | CVE-2016-6878 CONFIRM |
| cisco -- aironet_access_point | A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1). | 2017-04-07 | 7.2 | CVE-2016-9196 BID CONFIRM |
| cisco -- firepower_extensible_operating_system | A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115). | 2017-04-07 | 7.2 | CVE-2017-6597 BID CONFIRM |
| cisco -- firepower_extensible_operating_system | A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69). | 2017-04-07 | 7.2 | CVE-2017-6598 BID CONFIRM |
| cisco -- firepower_extensible_operating_system | A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136. | 2017-04-07 | 7.2 | CVE-2017-6600 BID CONFIRM |
| cisco -- firepower_management_center | A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1. | 2017-04-07 | 7.1 | CVE-2017-3885 BID CONFIRM |
| cisco -- mobility_services_engine | A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0). | 2017-04-07 | 7.2 | CVE-2016-9197 BID CONFIRM |
| cloudviewnms -- cloudview_nms | CloudView NMS before 2.10a has a format string issue exploitable over SNMP. | 2017-04-09 | 7.5 | CVE-2016-5074 MISC |
| dataprobe -- ibootbar_firmware | Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie. | 2017-04-07 | 7.5 | CVE-2007-6759 MISC |
| dataprobe -- ibootbar_firmware | Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie. | 2017-04-07 | 7.5 | CVE-2007-6760 MISC |
| dell -- integrated_remote_access_controller_firmware | Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. | 2017-04-09 | 7.5 | CVE-2015-7271 MISC BID |
| dell -- integrated_remote_access_controller_firmware | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input. | 2017-04-09 | 7.5 | CVE-2015-7272 MISC BID |
| dell -- integrated_remote_access_controller_firmware | Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. | 2017-04-09 | 7.5 | CVE-2015-7273 MISC |
| gnu -- binutils | elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. | 2017-04-09 | 7.5 | CVE-2017-7614 MISC |
| google -- android | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588. | 2017-04-07 | 9.3 | CVE-2017-0538 BID CONFIRM CONFIRM |
| google -- android | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300. | 2017-04-07 | 9.3 | CVE-2017-0539 BID CONFIRM CONFIRM |
| google -- android | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031. | 2017-04-07 | 9.3 | CVE-2017-0540 BID CONFIRM CONFIRM |
| google -- android | A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018. | 2017-04-07 | 9.3 | CVE-2017-0541 BID CONFIRM CONFIRM |
| google -- android | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721. | 2017-04-07 | 9.3 | CVE-2017-0542 BID CONFIRM CONFIRM |
| google -- android | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866. | 2017-04-07 | 9.3 | CVE-2017-0543 BID CONFIRM CONFIRM |
| google -- android | An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879. | 2017-04-07 | 9.3 | CVE-2017-0544 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350. | 2017-04-07 | 9.3 | CVE-2017-0545 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763. | 2017-04-07 | 9.3 | CVE-2017-0546 BID CONFIRM |
| google -- android | A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605. | 2017-04-07 | 7.1 | CVE-2017-0548 BID CONFIRM |
| google -- android | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818508. | 2017-04-07 | 7.1 | CVE-2017-0549 BID CONFIRM CONFIRM |
| google -- android | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140. | 2017-04-07 | 7.1 | CVE-2017-0550 BID CONFIRM CONFIRM |
| google -- android | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097231. | 2017-04-07 | 7.1 | CVE-2017-0551 BID CONFIRM CONFIRM CONFIRM |
| google -- android | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915. | 2017-04-07 | 7.1 | CVE-2017-0552 BID CONFIRM CONFIRM |
| google -- android | An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. | 2017-04-07 | 7.6 | CVE-2017-0553 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202425. References: M-ALPS02898189. | 2017-04-07 | 9.3 | CVE-2017-0562 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175904. References: M-ALPS02696516. | 2017-04-07 | 7.6 | CVE-2017-0565 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367. | 2017-04-07 | 7.6 | CVE-2017-0566 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406. | 2017-04-07 | 7.6 | CVE-2017-0578 BID CONFIRM |
| gynoii -- gcw-1010 | Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. | 2017-04-09 | 10.0 | CVE-2015-2881 MISC |
| ibaby -- m3s_baby_monitor_firmware | iBaby M3S has a password of admin for the backdoor admin account. | 2017-04-09 | 10.0 | CVE-2015-2887 MISC |
| lens_laboratories -- peek-a-view_firmware | Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. | 2017-04-09 | 10.0 | CVE-2015-2885 MISC |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067. | 2017-04-07 | 7.6 | CVE-2017-0454 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288. | 2017-04-07 | 7.6 | CVE-2017-0462 CONFIRM |
| linux -- linux_kernel | A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814. | 2017-04-07 | 10.0 | CVE-2017-0561 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409. | 2017-04-07 | 9.3 | CVE-2017-0563 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203. | 2017-04-07 | 9.3 | CVE-2017-0564 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575. | 2017-04-07 | 7.6 | CVE-2017-0567 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600. | 2017-04-07 | 7.6 | CVE-2017-0568 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666. | 2017-04-07 | 7.6 | CVE-2017-0569 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199963. References: B-RB#110688. | 2017-04-07 | 7.6 | CVE-2017-0570 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34203305. References: B-RB#111541. | 2017-04-07 | 7.6 | CVE-2017-0571 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34198931. References: B-RB#112597. | 2017-04-07 | 7.6 | CVE-2017-0572 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34469904. References: B-RB#91539. | 2017-04-07 | 7.6 | CVE-2017-0573 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34624457. References: B-RB#113189. | 2017-04-07 | 7.6 | CVE-2017-0574 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099. | 2017-04-07 | 7.6 | CVE-2017-0575 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089. | 2017-04-07 | 7.6 | CVE-2017-0576 BID MISC CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951. | 2017-04-07 | 7.6 | CVE-2017-0577 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406. | 2017-04-07 | 7.6 | CVE-2017-0579 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986. | 2017-04-07 | 7.6 | CVE-2017-0580 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485. | 2017-04-07 | 7.6 | CVE-2017-0581 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836. | 2017-04-07 | 7.6 | CVE-2017-0582 BID CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32068683. References: QC-CR#1103788. | 2017-04-07 | 7.6 | CVE-2017-0583 BID CONFIRM |
| linux -- linux_kernel | crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. | 2017-04-10 | 7.8 | CVE-2017-7618 MISC BID |
| news_system_project -- news_system | SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. | 2017-04-07 | 7.5 | CVE-2017-7581 MISC |
| ninka_project -- ninka | Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. | 2017-04-10 | 7.5 | CVE-2017-7239 MLIST BID CONFIRM |
| osram -- lightify_home | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. | 2017-04-09 | 7.5 | CVE-2016-5053 MISC |
| philips -- in.sight_b120\37 | Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. | 2017-04-09 | 10.0 | CVE-2015-2882 MISC |
| proxygen_project -- proxygen | The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. | 2017-04-09 | 7.5 | CVE-2015-7264 MISC |
| schneider-electric -- conext_combox_865-1058_firmware | An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot. | 2017-04-07 | 7.8 | CVE-2017-6019 CONFIRM BID MISC |
| sierrawireless -- aleos_firmware | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. | 2017-04-09 | 7.5 | CVE-2016-5065 MISC |
| sierrawireless -- aleos_firmware | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. | 2017-04-09 | 10.0 | CVE-2016-5066 MISC |
| sierrawireless -- aleos_firmware | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. | 2017-04-09 | 9.0 | CVE-2016-5067 MISC |
| sierrawireless -- aleos_firmware | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | 2017-04-09 | 7.5 | CVE-2016-5068 MISC |
| sierrawireless -- aleos_firmware | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | 2017-04-09 | 7.5 | CVE-2016-5069 MISC |
| sierrawireless -- aleos_firmware | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. | 2017-04-09 | 10.0 | CVE-2016-5071 MISC |
| sophos -- cyberoam_cr25ing_utm_firmware | Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5. | 2017-04-07 | 9.0 | CVE-2016-7786 MISC |
| summer_infant -- baby_zoom_wifi_monitor_firmware | Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service. | 2017-04-09 | 7.5 | CVE-2015-2888 MISC |
| trendnet -- tv-ip743sic | TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. | 2017-04-09 | 9.0 | CVE-2015-2880 MISC |
| vertivco -- liebert_multilink_automated_shutdown | Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file. | 2017-04-09 | 7.2 | CVE-2015-7260 MISC |

 

Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- ignite | Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents. | 2017-04-07 | 4.3 | CVE-2016-6805 CONFIRM BID
atlassian -- bitbucket | Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. | 2017-04-09 | 4.0 | CVE-2016-4320 BID MISC
atlassian -- jira | Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. | 2017-04-09 | 6.8 | CVE-2016-4319 BID MISC
axis -- axis_communications_firmware | AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. | 2017-04-09 | 6.8 | CVE-2015-8255 EXPLOIT-DB
botan_project -- botan | botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites. | 2017-04-10 | 5.0 | CVE-2015-7824 CONFIRM CONFIRM
botan_project -- botan | The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value. | 2017-04-10 | 5.0 | CVE-2016-6879 CONFIRM
castle_rock_computing -- snmpc | Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP. | 2017-04-09 | 4.3 | CVE-2015-6027 MISC
castle_rock_computing -- snmpc | Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. | 2017-04-09 | 6.5 | CVE-2015-6028 MISC
cesanta -- mongoose_os | Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string. | 2017-04-10 | 5.0 | CVE-2017-7185 BUGTRAQ BID CONFIRM CONFIRM MISC
cisco -- asr_900_series_firmware | A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP. | 2017-04-07 | 6.1 | CVE-2017-6603 BID CONFIRM
cisco -- firepower_threat_defense | A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2. | 2017-04-07 | 4.3 | CVE-2017-3887 BID CONFIRM
cisco -- ios_xe | A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E. | 2017-04-07 | 6.9 | CVE-2017-6606 BID CONFIRM
cisco -- ios_xr | A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco IOS XR Software with gRPC enabled. More Information: CSCvb14433. Known Affected Releases: 6.1.1.BASE 6.2.1.BASE. Known Fixed Releases: 6.2.1.22i.MGBL 6.1.22.9i.MGBL 6.1.21.12i.MGBL 6.1.2.13i.MGBL. | 2017-04-07 | 5.0 | CVE-2017-6599 BID CONFIRM
cisco -- prime_infrastructure | A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0). | 2017-04-07 | 4.3 | CVE-2017-3848 BID CONFIRM
cisco -- prime_infrastructure | A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D). | 2017-04-07 | 4.0 | CVE-2017-3884 BID CONFIRM
cisco -- registered_envelope_service | A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to an undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015. | 2017-04-07 | 5.8 | CVE-2017-3889 BID CONFIRM
cisco -- unified_communications_manager | A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2). | 2017-04-07 | 4.0 | CVE-2017-3886 BID CONFIRM
cisco -- unified_computing_system | A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B. | 2017-04-07 | 5.8 | CVE-2017-6604 BID CONFIRM
cisco -- unified_computing_system_director | A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.5(0.1) 6.0(0.0). | 2017-04-07 | 4.0 | CVE-2017-3817 BID CONFIRM
cisco -- wireless_lan_controller | A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3). | 2017-04-07 | 5.0 | CVE-2016-9195 BID CONFIRM
cloudera -- cdh | Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization. | 2017-04-10 | 5.0 | CVE-2016-6605 CONFIRM
cloudviewnms -- cloudview_nms | CloudView NMS before 2.10a has XSS via SNMP. | 2017-04-09 | 4.3 | CVE-2016-5073 MISC
cloudviewnms -- cloudview_nms | CloudView NMS before 2.10a has XSS via a TELNET login. | 2017-04-09 | 4.3 | CVE-2016-5075 MISC
cloudviewnms -- cloudview_nms | CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def. | 2017-04-09 | 5.0 | CVE-2016-5076 MISC
dell -- integrated_remote_access_controller_firmware | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. | 2017-04-09 | 4.6 | CVE-2015-7270 MISC BID
dell -- integrated_remote_access_controller_firmware | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. | 2017-04-09 | 6.5 | CVE-2015-7274 MISC BID BID
dell -- integrated_remote_access_controller_firmware | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. | 2017-04-09 | 4.3 | CVE-2015-7275 MISC BID
dlink -- dwr-116_firmware | Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request. | 2017-04-10 | 5.0 | CVE-2017-6190 BID MISC
elfutils_project -- elfutils | The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | 2017-04-09 | 4.3 | CVE-2017-7607 MISC
elfutils_project -- elfutils | The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | 2017-04-09 | 4.3 | CVE-2017-7608 MISC
elfutils_project -- elfutils | elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | 2017-04-09 | 4.3 | CVE-2017-7609 MISC
elfutils_project -- elfutils | The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | 2017-04-09 | 4.3 | CVE-2017-7610 MISC
elfutils_project -- elfutils | The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | 2017-04-09 | 4.3 | CVE-2017-7611 MISC
elfutils_project -- elfutils | The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | 2017-04-09 | 4.3 | CVE-2017-7612 MISC
elfutils_project -- elfutils | elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | 2017-04-09 | 4.3 | CVE-2017-7613 MISC
eparaksts -- eparakstitajs_3 | LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files. | 2017-04-09 | 4.3 | CVE-2015-8275 MISC
eparaksts -- eparakstitajs_3 | LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files. | 2017-04-09 | 4.3 | CVE-2015-8276 MISC
foxitsoftware -- foxit_pdf_toolkit | Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file. | 2017-04-07 | 6.8 | CVE-2017-7584 BID CONFIRM
google -- android | An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560. | 2017-04-07 | 4.3 | CVE-2017-0547 BID CONFIRM CONFIRM
google -- android | An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946. | 2017-04-07 | 6.8 | CVE-2017-0554 BID CONFIRM
google -- android | An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775. | 2017-04-07 | 4.3 | CVE-2017-0555 BID CONFIRM CONFIRM
google -- android | An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952. | 2017-04-07 | 4.3 | CVE-2017-0556 BID CONFIRM CONFIRM
google -- android | An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073. | 2017-04-07 | 4.3 | CVE-2017-0557 BID CONFIRM CONFIRM
google -- android | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274. | 2017-04-07 | 4.3 | CVE-2017-0558 BID CONFIRM CONFIRM
google -- android | An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722. | 2017-04-07 | 4.3 | CVE-2017-0559 BID CONFIRM
google -- android | An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079. | 2017-04-07 | 4.3 | CVE-2017-0560 BID CONFIRM
ibaby -- m6_baby_monitor_firmware | iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service. | 2017-04-09 | 5.0 | CVE-2015-2886 MISC
ilias_project -- ilias | ILIAS before 5.2.3 has XSS via SVG documents. | 2017-04-07 | 4.3 | CVE-2017-7583 CONFIRM CONFIRM CONFIRM
imagemagick -- imagemagick | coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | 2017-04-09 | 4.3 | CVE-2017-7606 MISC
imagemagick -- imagemagick | In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv. | 2017-04-10 | 5.0 | CVE-2017-7619 CONFIRM
imageworsener_project -- imageworsener | The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | 2017-04-10 | 4.3 | CVE-2017-7623 BID CONFIRM
imageworsener_project -- imageworsener | The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. | 2017-04-10 | 4.3 | CVE-2017-7624 BID CONFIRM
jive_software -- jive | Jive before 2016.3.1 has an open redirect from the external-link.jspa page. | 2017-04-09 | 5.8 | CVE-2016-4334 MISC
keepassx_project -- keepassx | In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile. | 2017-04-10 | 5.0 | CVE-2015-8378 CONFIRM CONFIRM
libaacplus_project -- libaacplus | au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. | 2017-04-09 | 6.8 | CVE-2017-7603 MISC
libaacplus_project -- libaacplus | au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. | 2017-04-09 | 6.8 | CVE-2017-7604 MISC
libaacplus_project -- libaacplus | aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. | 2017-04-09 | 6.8 | CVE-2017-7605 MISC
libming -- libming | Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831. | 2017-04-07 | 6.8 | CVE-2017-7578 CONFIRM
libsndfile_project -- libsndfile | In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. | 2017-04-07 | 4.3 | CVE-2017-7585 CONFIRM CONFIRM CONFIRM MISC
libsndfile_project -- libsndfile | In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. | 2017-04-07 | 4.3 | CVE-2017-7586 CONFIRM CONFIRM BID CONFIRM CONFIRM
libtiff -- libtiff | The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | 2017-04-09 | 6.8 | CVE-2017-7592 MISC BID
libtiff -- libtiff | tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. | 2017-04-09 | 4.3 | CVE-2017-7593 MISC BID
libtiff -- libtiff | The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. | 2017-04-09 | 4.3 | CVE-2017-7594 MISC BID
libtiff -- libtiff | The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. | 2017-04-09 | 4.3 | CVE-2017-7595 MISC
libtiff -- libtiff | LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | 2017-04-09 | 6.8 | CVE-2017-7596 BID MISC
libtiff -- libtiff | tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | 2017-04-09 | 6.8 | CVE-2017-7597 BID MISC
libtiff -- libtiff | tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. | 2017-04-09 | 4.3 | CVE-2017-7598 BID MISC
libtiff -- libtiff | LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | 2017-04-09 | 6.8 | CVE-2017-7599 BID BID MISC
libtiff -- libtiff | LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | 2017-04-09 | 6.8 | CVE-2017-7600 MISC
libtiff -- libtiff | LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | 2017-04-09 | 6.8 | CVE-2017-7601 BID MISC
libtiff -- libtiff | LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | 2017-04-09 | 6.8 | CVE-2017-7602 BID MISC
netapp -- clustered_data_ontap | NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. | 2017-04-10 | 5.0 | CVE-2017-5988 CONFIRM
netikus -- eventsentry | Netikus EventSentry before 3.2.1.44 has XSS via SNMP. | 2017-04-09 | 4.3 | CVE-2016-5077 MISC
opencv -- opencv | OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. | 2017-04-09 | 6.8 | CVE-2016-1516 MISC MISC
opencv -- opencv | OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks. | 2017-04-09 | 4.3 | CVE-2016-1517 MISC MISC
openidm_project -- openidm | In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js. | 2017-04-08 | 4.0 | CVE-2017-7589 MISC CONFIRM
openidm_project -- openidm | OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. | 2017-04-08 | 4.3 | CVE-2017-7590 MISC CONFIRM
openidm_project -- openidm | OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. | 2017-04-08 | 4.3 | CVE-2017-7591 MISC CONFIRM
opmantek -- network_management_information_system | Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations. | 2017-04-09 | 6.0 | CVE-2016-6534 MISC
opsview -- opsview | Opsview before 2015-11-06 has XSS via SNMP. | 2017-04-09 | 4.3 | CVE-2015-6035 MISC
osram -- lightify_home | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application. | 2017-04-09 | 5.0 | CVE-2016-5051 MISC
osram -- lightify_home | OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning. | 2017-04-09 | 5.0 | CVE-2016-5052 MISC
osram -- lightify_home | OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay. | 2017-04-09 | 5.0 | CVE-2016-5054 MISC
osram -- lightify_pro | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page. | 2017-04-09 | 4.3 | CVE-2016-5055 MISC
osram -- lightify_pro | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK. | 2017-04-09 | 5.0 | CVE-2016-5056 MISC
osram -- lightify_pro | OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning. | 2017-04-09 | 5.0 | CVE-2016-5057 MISC
osram -- lightify_pro | OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. | 2017-04-09 | 5.0 | CVE-2016-5058 MISC
osram -- lightify_pro | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application. | 2017-04-09 | 4.0 | CVE-2016-5059 MISC
oxidforge -- oxid_eshop | OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9. | 2017-04-09 | 6.5 | CVE-2016-5072 MISC
paessler -- prtg | Paessler PRTG before 16.2.24.4045 has XSS via SNMP. | 2017-04-09 | 4.3 | CVE-2016-5078 MISC
philips -- in.sight_b120\37 | Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi. | 2017-04-09 | 5.0 | CVE-2015-2884 MISC
phpmyfaq -- phpmyfaq | inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | 2017-04-07 | 4.3 | CVE-2017-7579 CONFIRM CONFIRM
pivotx -- pivotx | PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. | 2017-04-07 | 6.5 | CVE-2017-7570 MISC
proxygen_project -- proxygen | The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value. | 2017-04-09 | 5.0 | CVE-2015-7263 MISC
proxygen_project -- proxygen | Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks. | 2017-04-09 | 5.0 | CVE-2015-7265 MISC
sap -- netweaver | The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788. | 2017-04-10 | 4.0 | CVE-2016-10304 MISC
sap -- sql_anywhere | Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778. | 2017-04-10 | 4.0 | CVE-2016-10310 BID MISC
schneider-electric -- interactive_graphical_scada_system | A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path. | 2017-04-07 | 6.8 | CVE-2017-6033 CONFIRM BID MISC
sierrawireless -- aleos_firmware | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | 2017-04-09 | 5.0 | CVE-2016-5070 MISC
spiceworks -- desktop | Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. | 2017-04-09 | 4.3 | CVE-2015-6021 MISC
summer_infant -- baby_zoom_wifi_monitor_firmware | Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL. | 2017-04-09 | 6.5 | CVE-2015-2889 MISC
swagger_project -- swagger-ui | Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. | 2017-04-09 | 4.3 | CVE-2016-5682 MISC
visioncritical -- vision_critical | Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files. | 2017-04-09 | 5.0 | CVE-2014-2960 MISC
web2py -- web2py | web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. | 2017-04-10 | 5.0 | CVE-2016-10321 CONFIRM CONFIRM
xiongmai_technologies -- uc-httpd | XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request. | 2017-04-07 | 5.0 | CVE-2017-7577 MISC

 

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- apple_musicThe Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-072.9CVE-2017-2387
MISC
BID
CONFIRMatlassian -- confluenceAtlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.2017-04-093.5CVE-2016-4317
BID
MISCatlassian -- jiraAtlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.2017-04-093.5CVE-2016-4318
BID
MISCcisco -- firepower_extensible_operating_systemA vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1647).2017-04-073.6CVE-2017-6601
BID
CONFIRMcisco -- firepower_extensible_operating_systemA vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138).2017-04-073.6CVE-2017-6602
BID
CONFIRMcisco -- unified_communications_managerA vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).2017-04-073.5CVE-2017-3888
BID
CONFIRM

linux -- linux_kernel | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731. | 2017-04-07 | 2.6 | CVE-2017-0584
BID
CONFIRM

linux -- linux_kernel | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953. | 2017-04-07 | 2.6 | CVE-2017-0585
BID
CONFIRM

linux -- linux_kernel | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569. | 2017-04-07 | 2.6 | CVE-2017-0586
BID
CONFIRM

linux -- linux_kernel | Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. | 2017-04-10 | 2.1 | CVE-2017-7616
CONFIRM
BID
CONFIRM

opmantek -- network_management_information_system | Opmantek NMIS before 8.5.12G has XSS via SNMP. | 2017-04-09 | 3.5 | CVE-2016-5642
MISC

philips -- in.sight_b120\37 | Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. | 2017-04-09 | 3.5 | CVE-2015-2883
MISC

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- acrobat_flash_player | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3058
BID
CONFIRM

adobe -- acrobat_flash_player | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3063
BID
CONFIRM

adobe -- acrobat_flash_player | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3062
BID
CONFIRM

adobe -- acrobat_flash_player | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3060
BID
CONFIRM

adobe -- acrobat_flash_player | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3061
BID
CONFIRM

adobe -- acrobat_flash_player | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3059
BID
CONFIRM

adobe -- acrobat_flash_player | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3064
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 code-stream tile functionality. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3023
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) format parser. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3019
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin. | 2017-04-12 | not yet calculated | CVE-2017-3012
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when manipulating PDF annotations. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3024
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the renderer functionality. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3018
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3026
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of JPEG files. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3051
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging. | 2017-04-12 | not yet calculated | CVE-2017-3013
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the weblink module. | 2017-04-12 | not yet calculated | CVE-2017-3020
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine. | 2017-04-12 | not yet calculated | CVE-2017-3021
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file. | 2017-04-12 | not yet calculated | CVE-2017-3022
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the CCITT fax PDF filter. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3011
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3057
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the AES module. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3030
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal scan line representation in TIFF files. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3048
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser. | 2017-04-12 | not yet calculated | CVE-2017-3032
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture (XFA) related to reset form functionality. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3014
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string manipulation. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3056
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image scaling. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3044
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to manipulation of EMF files. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3054
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 parsing functionality. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3015
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3017
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of GIF files. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3050
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3025
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3027
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion module, related to processing of TIFF files. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3028
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream. | 2017-04-12 | not yet calculated | CVE-2017-3029
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data. | 2017-04-12 | not yet calculated | CVE-2017-3033
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine. | 2017-04-12 | not yet calculated | CVE-2017-3031
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3035
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) stream data. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3038
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the font manipulation functionality. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3065
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX (picture exchange) file format. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3036
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3037
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3034
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the PPKLite security handler. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3039
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3041
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in image conversion, related to parsing offsets in TIFF files. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3042
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 image compression module. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3040
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to the palette box. | 2017-04-12 | not yet calculated | CVE-2017-3045
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to contiguous code-stream parsing. | 2017-04-12 | not yet calculated | CVE-2017-3046
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality. | 2017-04-12 | not yet calculated | CVE-2017-3043
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal tile manipulation in TIFF files. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3049
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of EMF - enhanced meta file format. | 2017-04-12 | not yet calculated | CVE-2017-3052
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of the APP13 segment in JPEG files. | 2017-04-12 | not yet calculated | CVE-2017-3053
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine's annotation-related API. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3047
BID
CONFIRM

adobe -- acrobat_reader | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in JPEG 2000 parsing of the fragment list tag. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3055
BID
CONFIRM

adobe -- campaign | Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database. | 2017-04-12 | not yet calculated | CVE-2017-2989
BID
CONFIRM

adobe -- photoshop_cc | Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have a memory corruption vulnerability when parsing malicious PCX files. Successful exploitation could lead to arbitrary code execution. | 2017-04-12 | not yet calculated | CVE-2017-3004
BID
CONFIRM

adobe -- photoshop_cc | Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability. | 2017-04-12 | not yet calculated | CVE-2017-3005
BID
CONFIRM

adobe -- thor | Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications. | 2017-04-12 | not yet calculated | CVE-2017-3006
BID
CONFIRM

adobe -- thor | Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications. | 2017-04-12 | not yet calculated | CVE-2017-3007
BID
CONFIRM

apache -- tomcat | Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. | 2017-04-12 | not yet calculated | CVE-2016-6808
MISC
REDHAT
FULLDISC
CONFIRM
MLIST
BID
SECTRACK
REDHAT
REDHAT

apache -- tomee | The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object. | 2017-04-11 | not yet calculated | CVE-2016-0779
MISC
MLIST
CONFIRM
BUGTRAQ
BID
MISC

apple -- ios_shoplat_application | Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | 2017-04-13 | not yet calculated | CVE-2016-1132
JVN
JVNDB

apple -- mac_os_x | Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. | 2017-04-13 | not yet calculated | CVE-2010-1821
APPLE

apple -- mac_os_x | Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image. | 2017-04-13 | not yet calculated | CVE-2010-1816
APPLE

appleple -- a-blog_cms | Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML. | 2017-04-12 | not yet calculated | CVE-2016-1179
JVN
JVNDB
CONFIRM

appleple -- a-blog_cms | The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors. | 2017-04-12 | not yet calculated | CVE-2016-1178
JVN
JVNDB
CONFIRM

asterisk -- asterisk | Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action. | 2017-04-10 | not yet calculated | CVE-2017-7617
CONFIRM
BID
CONFIRM

atutor -- atutor | SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. | 2017-04-13 | not yet calculated | CVE-2016-2555
MISC
MISC
CONFIRM
CONFIRM

auromeera -- emli | Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/home.php. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0. | 2017-04-11 | not yet calculated | CVE-2017-7621
MISC

bigtree_cms -- bigtree_cms | Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. | 2017-04-11 | not yet calculated | CVE-2017-7695
MISC
MISC
MISC

bigtree_cms -- bigtree_cms | BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14. | 2017-04-15 | not yet calculated | CVE-2017-7881
MISC
MISC

bitrix -- bitrix | Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php. | 2017-04-14 | not yet calculated | CVE-2015-8356
MISC
BUGTRAQ
MISC

blackberry -- blackberry_enterprise_server | Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp. | 2017-04-13 | not yet calculated | CVE-2016-1915
FULLDISC
MISC
CONFIRM

blackberry -- blackberry_enterprise_server | Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image. | 2017-04-13 | not yet calculated | CVE-2016-1914
FULLDISC
MISC
CONFIRM

blue_coat -- sslv | Blue Coat SSL Visibility (SSLV) 3.x before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connection pool of an SSL server. | 2017-04-11 | not yet calculated | CVE-2016-10259
BID
CONFIRM

brother -- multiple_devices | On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W. | 2017-04-12 | not yet calculated | CVE-2017-7588
MISC

candlepin_project -- candlepin | The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. | 2017-04-14 | not yet calculated | CVE-2016-4455
REDHAT
REDHAT
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM

citrix -- netscaler_gateway | A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. | 2017-04-13 | not yet calculated | CVE-2017-7219
BID
CONFIRM

concrete5 -- concrete5 | concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector. | 2017-04-13 | not yet calculated | CVE-2017-7725
MISC
MISC
MISC

dde -- dde | dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon. | 2017-04-10 | not yet calculated | CVE-2017-7622
MISC

debian -- inspircd | Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836. | 2017-04-13 | not yet calculated | CVE-2015-6674
DEBIAN
CONFIRM
GENTOO

eclipse -- jetty | The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes. | 2017-04-13 | not yet calculated | CVE-2016-4800
MLIST
MISC
BID
MISC

ember.js -- ember.js | Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML. | 2017-04-13 | not yet calculated | CVE-2015-7565
CONFIRM
CONFIRM

eyesofnetwork -- eyesofnetwork | Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter in module/monitoring_ged/ged_functions.php or the (5) type parameter in monitoring_ged/ajax.php. | 2017-04-11 | not yet calculated | CVE-2017-6088
MLIST
BID

f5 -- big-ip_apm | The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector. | 2017-04-11 | not yet calculated | CVE-2016-7467
BID
CONFIRM

feh -- feh | In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free. | 2017-04-14 | not yet calculated | CVE-2017-7875
CONFIRM
CONFIRM

ffmpeg -- ffmpeg | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. | 2017-04-14 | not yet calculated | CVE-2017-7863
MISC
MISC

ffmpeg -- ffmpeg | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. | 2017-04-14 | not yet calculated | CVE-2017-7866
MISC
MISC

ffmpeg -- ffmpeg | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. | 2017-04-14 | not yet calculated | CVE-2017-7865
MISC
MISC

ffmpeg -- ffmpeg | FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. | 2017-04-14 | not yet calculated | CVE-2017-7862
MISC
MISC

ffmpeg -- ffmpeg | FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. | 2017-04-14 | not yet calculated | CVE-2017-7859
MISC

firejail -- firejail | Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges. | 2017-04-13 | not yet calculated | CVE-2016-10121
MLIST
MLIST

firejail -- firejail | Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. | 2017-04-13 | not yet calculated | CVE-2016-10123
MLIST
MLIST

firejail -- firejail | Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /. | 2017-04-13 | not yet calculated | CVE-2016-10118
MLIST
MLIST

firejail -- firejail | Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges. | 2017-04-13 | not yet calculated | CVE-2016-10120
MLIST
MLIST

firejail -- firejail | Firejail does not properly clean environment variables, which allows local users to gain privileges. | 2017-04-13 | not yet calculated | CVE-2016-10122
MLIST
MLIST

firejail -- firejail | Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc. | 2017-04-13 | not yet calculated | CVE-2016-10117
MLIST
MLIST

firejail -- firejail | Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges. | 2017-04-13 | not yet calculated | CVE-2016-10119
MLIST
MLISTfiyo_cms -- fiyo_cms
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.
2017-04-10 | not yet calculated | CVE-2017-7625 | BID, MISC

flatcore -- flatcore_cms
CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.
2017-04-14 | not yet calculated | CVE-2017-7877 | CONFIRM

flatcore -- flatcore_cms
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.
2017-04-14 | not yet calculated | CVE-2017-7879 | CONFIRM

flatcore -- flatcore_cms
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.
2017-04-14 | not yet calculated | CVE-2017-7878 | CONFIRM

fortimail -- fortimail
An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking a URL crafted by the attacker.
2017-04-12 | not yet calculated | CVE-2017-3125 | CONFIRM, BID

foscam -- foscam_networked_devices
Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
2017-04-10 | not yet calculated | CVE-2017-7648 | MISC

freetype -- freetype_2
FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
2017-04-14 | not yet calculated | CVE-2017-7858 | MISC, MISC

freetype -- freetype_2
FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
2017-04-14 | not yet calculated | CVE-2017-7857 | MISC, MISC

freetype -- freetype_2
FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.
2017-04-14 | not yet calculated | CVE-2017-7864 | MISC, MISC

freetype_project -- freetype_2
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.
2017-04-14 | not yet calculated | CVE-2016-10328 | MISC, MISC, MISC

game-music-emu -- game-music-emu
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
2017-04-12 | not yet calculated | CVE-2016-9958 | SUSE, SUSE, MLIST, BID, CONFIRM, FEDORA, FEDORA, FEDORA, FEDORA, MISC

game-music-emu -- game-music-emu
Stack-based buffer overflow in game-music-emu before 0.6.1.
2017-04-12 | not yet calculated | CVE-2016-9957 | SUSE, SUSE, MLIST, BID, CONFIRM, FEDORA, FEDORA, FEDORA, FEDORA, MISC

game-music-emu -- game-music-emu
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
2017-04-12 | not yet calculated | CVE-2016-9959 | SUSE, SUSE, MLIST, BID, CONFIRM, FEDORA, FEDORA, FEDORA, FEDORA, MISC

ghostscript -- ghostscript
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
2017-04-14 | not yet calculated | CVE-2016-8602 | CONFIRM, MLIST, MLIST, BID, CONFIRM, CONFIRM, CONFIRM

gnu -- a2ps
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
2017-04-13 | not yet calculated | CVE-2015-8107 | MLIST, BID

gnutls -- gnutls
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
2017-04-14 | not yet calculated | CVE-2017-7869 | MISC, MISC, CONFIRM

google -- android
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.
2017-04-13 | not yet calculated | CVE-2014-7921 | CONFIRM, CONFIRM

google -- android
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.
2017-04-13 | not yet calculated | CVE-2014-7920 | CONFIRM, CONFIRM

google -- android
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.
2017-04-13 | not yet calculated | CVE-2016-1155 | MISC, JVN

google -- android_kernel
Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.
2017-04-12 | not yet calculated | CVE-2016-5856 | SECTRACK, CONFIRM, CONFIRM

google -- chrome
A use-after-free in AnimationController::endAnimationUpdate in Google Chrome.
2017-04-11 | not yet calculated | CVE-2013-6647 | CONFIRM

google -- chrome
Google Chrome caches TLS sessions before certificate validation occurs.
2017-04-13 | not yet calculated | CVE-2013-6662 | CONFIRM

google -- grpc
Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.
2017-04-14 | not yet calculated | CVE-2017-7861 | MISC, MISC

google -- grpc
Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.
2017-04-14 | not yet calculated | CVE-2017-7860 | MISC, MISC

hipchat -- server
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.
2017-04-14 | not yet calculated | CVE-2017-7357 | BUGTRAQ, CONFIRM, CONFIRM

huawei -- p7
Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver.
2017-04-13 | not yet calculated | CVE-2015-7740 | CONFIRM

huawei -- p7
Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver.
2017-04-13 | not yet calculated | CVE-2015-8223 | CONFIRM

i-o_data -- rock_disk
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713.
2017-04-13 | not yet calculated | CVE-2014-3887 | CONFIRM, JVN

ibm -- financial_transition_manager
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.
2017-04-14 | not yet calculated | CVE-2017-1152 | CONFIRM

ibm -- platform_lsf
IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741.
2017-04-14 | not yet calculated | CVE-2017-1205 | MISC

ibm -- tivoli
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540.
2017-04-14 | not yet calculated | CVE-2016-8927 | CONFIRM

ibm -- tivoli
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539.
2017-04-14 | not yet calculated | CVE-2016-8926 | CONFIRM

ibm -- tivoli
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538.
2017-04-14 | not yet calculated | CVE-2016-8925 | CONFIRM

icu_project -- icu
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
2017-04-14 | not yet calculated | CVE-2017-7867 | MISC, MISC

icu_project -- icu
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
2017-04-14 | not yet calculated | CVE-2017-7868 | MISC, MISC

imagemagick -- imagemagick
coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.
2017-04-11 | not yet calculated | CVE-2014-9837 | MISC, MLIST, CONFIRM

imagemagick -- imagemagick
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).
2017-04-11 | not yet calculated | CVE-2014-8716 | MISC, BID, CONFIRM

imagemagick -- imagemagick
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
2017-04-11 | not yet calculated | CVE-2014-8354 | MISC, BID, CONFIRM, MISC

imagemagick -- imagemagick
DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
2017-04-11 | not yet calculated | CVE-2014-8562 | BID, CONFIRM, MISC, MISC

imagemagick -- imagemagick
PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
2017-04-11 | not yet calculated | CVE-2014-8355 | MISC, BID, CONFIRM, MISC

inspircd -- inspircd
InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop).
2017-04-13 | not yet calculated | CVE-2012-6697 | DEBIAN, CONFIRM, CONFIRM, GENTOO

intellinet_network -- nfc-30ir_IP_camera
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.
2017-04-11 | not yet calculated | CVE-2017-7461 | EXPLOIT-DB

intellinet_network -- nfc-30ir_IP_camera
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.
2017-04-11 | not yet calculated | CVE-2017-7462 | EXPLOIT-DB

ivywe -- ivywe
Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2017-04-14 | not yet calculated | CVE-2016-4875 | JVN, JVNDB, BID, CONFIRM, CONFIRM

jackson-dataformat-xml -- jackson-dataformat-xml
XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
2017-04-14 | not yet calculated | CVE-2016-7051 | CONFIRM

joomla -- joomla
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).
2017-04-12 | not yet calculated | CVE-2017-7628 | MISC, MISC, MISC

joomla -- joomla
The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).
2017-04-12 | not yet calculated | CVE-2017-7626 | MISC, MISC, MISC

joomla -- joomla
The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).
2017-04-12 | not yet calculated | CVE-2017-7627 | MISC, MISC

kancolleviewer -- kancolleviewer
KanColleViewer versions 3.8.1 and earlier operate as an open proxy which allows remote attackers to trigger outbound network traffic.
2017-04-13 | not yet calculated | CVE-2015-2947 | CONFIRM, JVN

kony -- enterprise_mobile_management
Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request.
2017-04-11 | not yet calculated | CVE-2017-5672 | MISC

ktools.net -- photostore
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.
2017-04-12 | not yet calculated | CVE-2016-4337 | MISC, EXPLOIT-DB

lenovo_group -- lenovo_customer_care_software_development_kit
Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.
2017-04-10 | not yet calculated | CVE-2016-8235 | BID, CONFIRM

lenovo_group -- lenovo_updates
Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.
2017-04-10 | not yet calculated | CVE-2016-8237 | BID, CONFIRM

libdwarf -- libdwarf
dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.
2017-04-10 | not yet calculated | CVE-2016-5041 | MLIST, MLIST, CONFIRM

libreoffice_project -- libreoffice
LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.
2017-04-14 | not yet calculated | CVE-2016-10327 | MISC, MISC

libreoffice_project -- libreoffice
LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.
2017-04-14 | not yet calculated | CVE-2017-7856 | MISC, MISC

libreoffice_project -- libreoffice
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.
2017-04-15 | not yet calculated | CVE-2017-7882 | MISC, MISC

libreoffice_project -- libreoffice
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
2017-04-14 | not yet calculated | CVE-2017-7870 | MISC, MISC

libsamplerate -- libsamplerate
In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.
2017-04-11 | not yet calculated | CVE-2017-7697 | BID, CONFIRM

libsndfile -- libsndfile
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
2017-04-12 | not yet calculated | CVE-2017-7741 | MISC, MISC

libsndfile -- libsndfile
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
2017-04-12 | not yet calculated | CVE-2017-7742 | MISC, MISC

libtiff -- libtiff
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
2017-04-11 | not yet calculated | CVE-2016-5322 | DEBIAN, MLIST, BID, BID, CONFIRM, GENTOO

libxml2 -- libxml2
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
2017-04-11 | not yet calculated | CVE-2016-4483 | DEBIAN, MLIST, MLIST, MLIST, MLIST, CONFIRM, BID, CONFIRM, CONFIRM

linux -- linux_kernel
udevd in udev 232, when the Linux kernel 4.8.0 is used, does not properly verify the source of a Netlink message, which allows local users to execute arbitrary commands by leveraging access to the NETLINK_KOBJECT_UEVENT family, and the presence of the /lib/udev/rules.d/50-udev-default.rules file, to provide a crafted REMOVE_CMD value.
2017-04-15 | not yet calculated | CVE-2017-7874 | MISC

linux -- linux_kernel
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
2017-04-11 | not yet calculated | CVE-2016-5011 | REDHAT, CONFIRM, CONFIRM, MLIST, BID, SECTRACK, CONFIRM

microsoft -- .net_framework
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0160 | BID, CONFIRM

microsoft -- edge
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0208 | BID, CONFIRM

microsoft -- edge
A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0201.
2017-04-12 | not yet calculated | CVE-2017-0093 | BID, CONFIRM

microsoft -- edge
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0200 | BID, CONFIRM

microsoft -- edge
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0205 | BID, CONFIRM

microsoft -- edge
A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0203 | BID, CONFIRM

microsoft -- excel
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0195 | BID, CONFIRM

microsoft -- excel
Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0194 | BID, CONFIRM

microsoft -- internet_explorer
A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0093.
2017-04-12 | not yet calculated | CVE-2017-0201 | BID, CONFIRM

microsoft -- internet_explorer
An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0210 | BID, CONFIRM

microsoft -- internet_explorer
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0202 | BID, CONFIRM

microsoft -- office
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
2017-04-12 | not yet calculated | CVE-2017-0199 | BID, MISC, CONFIRM, MISC

microsoft -- onenote
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0197 | BID, CONFIRM

microsoft -- outlook
Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0106 | BID, CONFIRM

microsoft -- outlook
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0204 | BID, CONFIRM

microsoft -- outlook
Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0207 | BID, CONFIRM

microsoft -- windows
The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Graphics Elevation of Privilege Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0155 | BID, CONFIRM

microsoft -- windows
A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0058 | BID, CONFIRM

microsoft -- windows
A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0191 | BID, CONFIRM

microsoft -- windows
An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. "Windows Kernel Information Disclosure Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0167 | BID, CONFIRM

microsoft -- windows
An elevation of privilege vulnerability exists in Windows 10 when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0188.
2017-04-12 | not yet calculated | CVE-2017-0189 | BID, CONFIRM

microsoft -- windows
An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0156 | BID, CONFIRM

microsoft -- windows
A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0189.
2017-04-12 | not yet calculated | CVE-2017-0188 | BID, CONFIRM

microsoft -- windows
An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0158 | BID, CONFIRM

microsoft -- windows
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0211 | BID, CONFIRM

microsoft -- windows
A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0164 | BID, CONFIRM

microsoft -- windows
The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka "ATMFD.dll Information Disclosure Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0192 | BID, CONFIRM

microsoft -- windows
A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0159 | BID, CONFIRM

microsoft -- windows
An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0166 | BID, CONFIRM

microsoft -- windows
An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Windows Elevation of Privilege Vulnerability."
2017-04-12 | not yet calculated | CVE-2017-0165 | BID, CONFIRM

microsoft -- windows_hyper-v
A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, and CVE-2017-0186.
2017-04-12 | not yet calculated | CVE-2017-0184 | BID, CONFIRM

microsoft -- windows_hyper-v
An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0168.
2017-04-12 | not yet calculated | CVE-2017-0169 | BID, CONFIRM

microsoft -- windows_hyper-v
A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.
2017-04-12 | not yet calculated | CVE-2017-0179 | BID, CONFIRM

microsoft -- windows_hyper-v
A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.
2017-04-12 | not yet calculated | CVE-2017-0178 | BID, CONFIRM

microsoft -- windows_hyper-v_network_switch
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.
2017-04-12 | not yet calculated | CVE-2017-0183 | BID, CONFIRM

microsoft -- windows_hyper-v_network_switch
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0169.
2017-04-12 | not yet calculated | CVE-2017-0168 | BID, CONFIRM

microsoft -- windows_hyper-v_network_switch
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181.
2017-04-12 | not yet calculated | CVE-2017-0163 | BID, CONFIRM

microsoft -- windows_hyper-v_network_switch
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0163, CVE-2017-0180, and CVE-2017-0181.
2017-04-12 | not yet calculated | CVE-2017-0162 | BID, CONFIRM

microsoft -- windows_hyper-v_network_switch
 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0182
BID
CONFIRMmicrosoft -- windows_hyper-v_network_switch
 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185.2017-04-12not yet calculatedCVE-2017-0186
BID
CONFIRMmicrosoft -- windows_hyper-v_network_switch
 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0186.2017-04-12not yet calculatedCVE-2017-0185
BID
CONFIRM

microsoft -- windows_hyper-v_network_switch
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0181.
2017-04-12 | not yet calculated | CVE-2017-0180
BID
CONFIRM

microsoft -- windows_hyper-v_network_switch
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180.
2017-04-12 | not yet calculated | CVE-2017-0181
BID
CONFIRM

mod_cluster -- mod_cluster
Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.
2017-04-12 | not yet calculated | CVE-2016-4459
REDHAT
REDHAT
REDHAT
REDHAT
BID
REDHAT
REDHAT
CONFIRM

mongodb -- mongod
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.
2017-04-14 | not yet calculated | CVE-2016-3104
BID
CONFIRM
CONFIRM

moxa -- awk-3131a_wireless_access_point
An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response.
2017-04-13 | not yet calculated | CVE-2016-8720
MISC

moxa -- awk-3131a_wireless_access_point
An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.
2017-04-13 | not yet calculated | CVE-2016-8725
MISC

moxa -- awk-3131a_wireless_access_point
An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server.
2017-04-13 | not yet calculated | CVE-2016-8726
MISC

moxa -- awk-3131a_wireless_access_point
An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability.
2017-04-13 | not yet calculated | CVE-2016-8723
MISC

moxa -- awk-3131a_wireless_access_point
An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information.
2017-04-13 | not yet calculated | CVE-2016-8724
MISC

moxa -- awk-3131a_wireless_access_point
An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker.
2017-04-13 | not yet calculated | CVE-2016-8727
MISC

moxa -- awk-3131a_wireless_access_point
An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.
2017-04-13 | not yet calculated | CVE-2016-8722
MISC

moxa -- awk-3131a_wireless_access_point
An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request.
2017-04-12 | not yet calculated | CVE-2016-8718
MISC

moxa -- awk-3131a_wireless_access_point
An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause malicious scripts to be executed by a victim.
2017-04-12 | not yet calculated | CVE-2016-8719
MISC

moxa -- awk-3131a_wireless_access_point
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials.
2017-04-12 | not yet calculated | CVE-2016-8716
MISC

moxa -- awk-3131a_wireless_access_point
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.
2017-04-13 | not yet calculated | CVE-2016-8712
MISC

moxa -- mx-aopc_server
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 results in remote file disclosure.
2017-04-14 | not yet calculated | CVE-2017-7457
MISC
FULLDISC

moxa -- mxview
Moxa MXView 2.8 allows remote attackers to read the web server's private key file; there is no access control.
2017-04-14 | not yet calculated | CVE-2017-7455
MISC
MISC
FULLDISC

moxa -- mxview
Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending an overly long junk payload for the MXView client login credentials.
2017-04-14 | not yet calculated | CVE-2017-7456
MISC
FULLDISC

mozilla_project -- bugzilla
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.
2017-04-12 | not yet calculated | CVE-2016-2803
MISC
BUGTRAQ
SECTRACK
CONFIRM

netapp -- oncommand
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.
2017-04-10 | not yet calculated | CVE-2017-7345
BID
CONFIRM

nettle -- nettle
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
2017-04-14 | not yet calculated | CVE-2016-6489
REDHAT
MLIST
UBUNTU
CONFIRM
MISC
CONFIRM

netty -- netty
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
2017-04-13 | not yet calculated | CVE-2016-4970
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM

novastor -- novabackup_datacenter
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
2017-04-13 | not yet calculated | CVE-2016-4898
CONFIRM

novastor -- novabackup_datacenter
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
2017-04-13 | not yet calculated | CVE-2016-4899
CONFIRM

oliver -- oliver
Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page (index.php) or (2) login form (loginform-inc.php).
2017-04-13 | not yet calculated | CVE-2014-2710
MISC
FULLDISC
BUGTRAQ

openssh -- openssh
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
2017-04-11 | not yet calculated | CVE-2016-1908
MLIST
CONFIRM
BID
CONFIRM
CONFIRM

openstack -- nova-lxd
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
2017-04-12 | not yet calculated | CVE-2017-5936
MLIST
BID
UBUNTU
CONFIRM
CONFIRM

osip -- osip
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.
2017-04-13 | not yet calculated | CVE-2016-10326
CONFIRM

osip -- osip
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.
2017-04-13 | not yet calculated | CVE-2016-10324
BID
CONFIRM

osip -- osip
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.
2017-04-13 | not yet calculated | CVE-2016-10325
CONFIRM

osip -- osip
In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.
2017-04-13 | not yet calculated | CVE-2017-7853
CONFIRM

palo_alto_networks -- pan-os
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.
2017-04-14 | not yet calculated | CVE-2017-7217
CONFIRM

palo_alto_networks -- pan-os
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.
2017-04-14 | not yet calculated | CVE-2017-7218
CONFIRM

palo_alto_networks -- traps_esm_console
Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license.
2017-04-14 | not yet calculated | CVE-2017-7408
BID
CONFIRM
CONFIRM

ping_identity -- openid-connect
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.
2017-04-12 | not yet calculated | CVE-2017-6059
MLIST
BID
CONFIRM
MISC
CONFIRM

pivotal -- cloud_foundry
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
2017-04-11 | not yet calculated | CVE-2016-4468
MLIST
CONFIRM

proxifier -- proxifier
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.
2017-04-14 | not yet calculated | CVE-2017-7643
FULLDISC
MISC

proxifier -- proxifier
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.
2017-04-14 | not yet calculated | CVE-2017-7690
MISC

pulp -- pulp
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.
2017-04-13 | not yet calculated | CVE-2016-3106
MLIST
MLIST
CONFIRM
CONFIRM

qemu_project -- qemu
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
2017-04-11 | not yet calculated | CVE-2015-8504
CONFIRM
MLIST
BID
CONFIRM

qemu_project -- qemu
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
2017-04-13 | not yet calculated | CVE-2015-8567
FEDORA
FEDORA
FEDORA
FEDORA
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
DEBIAN
MLIST
BID
UBUNTU
MLIST
GENTOO

qemu_project -- qemu
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
2017-04-13 | not yet calculated | CVE-2015-8345
MLIST
BID
MLIST

qemu_project -- qemu
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
2017-04-13 | not yet calculated | CVE-2015-8619
MLIST
BID
MLIST

qemu_project -- qemu
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.
2017-04-11 | not yet calculated | CVE-2015-8613
MLIST
BID
CONFIRM
MLIST

qemu_project -- qemu
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
2017-04-11 | not yet calculated | CVE-2015-8666
CONFIRM
MLIST
BID
CONFIRM

qemu_project -- qemu
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.
2017-04-10 | not yet calculated | CVE-2017-7377
CONFIRM
MLIST
BID
CONFIRM
MLIST

qemu_project -- qemu
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.
2017-04-11 | not yet calculated | CVE-2015-8568
MLIST
BID
CONFIRM
MLIST

quest -- privilege_manager
pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.
2017-04-14 | not yet calculated | CVE-2017-6554
MISC
EXPLOIT-DB

radare -- radare2
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
2017-04-13 | not yet calculated | CVE-2017-7854
CONFIRM
CONFIRM

radare -- radare2
The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
2017-04-12 | not yet calculated | CVE-2017-7716
CONFIRM

red_hat -- quickstart_cloud_installer
The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.
2017-04-14 | not yet calculated | CVE-2016-7060
REDHAT
CONFIRM

red_hat -- red_hat_satellite_5
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.
2017-04-13 | not yet calculated | CVE-2016-2104
REDHAT
CONFIRM
CONFIRM

resteasy -- resteasy
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
2017-04-12 | not yet calculated | CVE-2016-6348
CONFIRM

roundcube -- webmail
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
2017-04-13 | not yet calculated | CVE-2016-4068
SUSE
SUSE
SUSE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

roundcube -- webmail
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
2017-04-13 | not yet calculated | CVE-2015-8864
SUSE
SUSE
SUSE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

rtmpdump -- rtmpdump
The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).
2017-04-13 | not yet calculated | CVE-2015-8270
BID
MISC

rtmpdump -- rtmpdump
The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.
2017-04-13 | not yet calculated | CVE-2015-8271
BID
MISC

rtmpdump -- rtmpdump
RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).
2017-04-13 | not yet calculated | CVE-2015-8272
BID
MISC

saltstack -- saltstack
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
2017-04-13 | not yet calculated | CVE-2015-1839
FEDORA
CONFIRM
CONFIRM
CONFIRM
CONFIRM

saltstack -- saltstack
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
2017-04-13 | not yet calculated | CVE-2015-1838
FEDORA
CONFIRM
CONFIRM
CONFIRM

samsung -- galaxy
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.
2017-04-13 | not yet calculated | CVE-2016-4032
MISC

samsung -- galaxy
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.
2017-04-13 | not yet calculated | CVE-2016-4030
MISC

samsung -- galaxy
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301.
2017-04-13 | not yet calculated | CVE-2016-4031
MISC

samsung -- galaxy_s6
Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081.
2017-04-13 | not yet calculated | CVE-2016-2565
MISC

samsung -- galaxy_s6
Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.
2017-04-13 | not yet calculated | CVE-2016-2566
MISC

samsung -- galaxy_s6
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, which allows remote attackers to execute arbitrary JavaScript.
2017-04-11 | not yet calculated | CVE-2015-7893
MISC
BID
CONFIRM
MISC
EXPLOIT-DB

samsung -- samsung
Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.
2017-04-13 | not yet calculated | CVE-2015-8780
MISC

samsung -- samsung_kernel
secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL.
2017-04-13 | not yet calculated | CVE-2016-2567
MISC

samsung -- samsung_kernel
The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.
2017-04-13 | not yet calculated | CVE-2016-2036
MISC

sap -- business_intelligence_platform
SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633.
2017-04-13 | not yet calculated | CVE-2016-6818
MISC

sap -- business_warehouse_accelerator
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.
2017-04-11 | not yet calculated | CVE-2017-7691
BID
CONFIRM

sap -- hana
SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806.
2017-04-13 | not yet calculated | CVE-2016-6143
BID
MISC
MISC

sap -- netweaver_as_java
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.
2017-04-14 | not yet calculated | CVE-2017-7717
MISC

sap -- netweaver
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.
2017-04-10 | not yet calculated | CVE-2016-10311
MISC

sap -- sap_as_java
SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.
2017-04-14 | not yet calculated | CVE-2017-7696
MISC

schneider_electric -- homelynk_controller
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.
2017-04-11 | not yet calculated | CVE-2017-7689
CONFIRM
BID
MISC

scm_plug-in -- scm_plug-in
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.
2017-04-14 | not yet calculated | CVE-2016-6299
MLIST
BID
CONFIRM
FEDORA
FEDORA
FEDORA

seawell_networks -- spectrum
Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.
2017-04-13 | not yet calculated | CVE-2015-8283
MISC
FULLDISC
EXPLOIT-DB

seawell_networks -- spectrum
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.
2017-04-13 | not yet calculated | CVE-2015-8284
MISC
FULLDISC
EXPLOIT-DB

seawell_networks -- spectrum
SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.
2017-04-13 | not yet calculated | CVE-2015-8282
MISC
FULLDISC
EXPLOIT-DB

setroubleshoot -- setroubleshoot
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.
2017-04-11 | not yet calculated | CVE-2016-4445
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
REDHAT

setroubleshoot -- setroubleshoot
The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.
2017-04-11 | not yet calculated | CVE-2016-4444
MLIST
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
REDHAT

setroubleshoot -- setroubleshoot
The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.
2017-04-11 | not yet calculated | CVE-2016-4446
MLIST
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
REDHAT

setroubleshoot -- setroubleshoot
setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.
2017-04-11 | not yet calculated | CVE-2016-4989
MLIST
SECTRACK
REDHAT
CONFIRM
CONFIRM
CONFIRM
REDHAT

setucocms -- setucocms
SetucoCMS allows remote attackers to alter or disclose information, related to session information.
2017-04-12 | not yet calculated | CVE-2016-4896
JVN
JVNDB
BID

setucocms -- setucocms
SetucoCMS allows remote attackers to cause a denial of service.
2017-04-12 | not yet calculated | CVE-2016-4894
JVN
JVNDB
BID

setucocms -- setucocms
SetucoCMS allows remote authenticated users to execute arbitrary code.
2017-04-12 | not yet calculated | CVE-2016-4895
JVN
JVNDB
BID

setucocms -- setucocms
Cross-site request forgery (CSRF) vulnerability in SetucoCMS.
2017-04-12 | not yet calculated | CVE-2016-4891
JVN
JVNDB
BID

setucocms -- setucocms
SQL injection vulnerability in SetucoCMS.
2017-04-12 | not yet calculated | CVE-2016-4893
JVN
JVNDB
BID

setucocms -- setucocms
Cross-site scripting (XSS) vulnerability in SetucoCMS.
2017-04-12 | not yet calculated | CVE-2016-4892
JVN
JVNDB
BID

skia -- skia
SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash).
2017-04-13 | not yet calculated | CVE-2013-6648
CONFIRM
CONFIRM

solarwinds -- log_and_event_manager
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.
2017-04-10 | not yet calculated | CVE-2017-7646
CONFIRM

solarwinds -- log_and_event_manager
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.
2017-04-10 | not yet calculated | CVE-2017-7647
CONFIRM

solarwinds -- log_and_event_manager
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.
2017-04-12 | not yet calculated | CVE-2017-7722
MISC
MISC

sony -- cameras
SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device.
2017-04-13 | not yet calculated | CVE-2016-7834
JVN
CONFIRM

splunk -- enterprise
Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.
2017-04-10 | not yet calculated | CVE-2017-5607
MISC
FULLDISC
BUGTRAQ
BID
BID
SECTRACK
EXPLOIT-DB
CONFIRM

squashfs -- unsquash
(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.
2017-04-13 | not yet calculated | CVE-2015-4646
MLIST
BID

sudo -- sudo
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.
2017-04-14 | not yet calculated | CVE-2016-7032
BID
CONFIRM
CONFIRM

symantec -- multiple_products
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.
2017-04-14 | not yet calculated | CVE-2016-5309
BID
SECTRACK
SECTRACK
SECTRACK
SECTRACK
MISC
EXPLOIT-DB
CONFIRMsymantec -- multiple_products
 The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.2017-04-14not yet calculatedCVE-2016-5310
BID
SECTRACK
SECTRACK
SECTRACK
SECTRACK
MISC
EXPLOIT-DB
CONFIRMsymantec -- symantec_messaging_gatewayDirectory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.2017-04-14not yet calculatedCVE-2016-5312
MISC
FULLDISC
BID
SECTRACK
CONFIRM
EXPLOIT-DBsymantec -- symantec_web_gatewaySymantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.2017-04-12not yet calculatedCVE-2016-5313
MISC
FULLDISC
BID
SECTRACK
CONFIRMsymphony -- symphony_cms
 Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.2017-04-11not yet calculatedCVE-2017-7694
MISC
BID
MISC
MISCsynology -- photo_stationSynology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.2017-04-10not yet calculatedCVE-2016-10322
MISC
MISCsynology -- photo_stationSynology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.2017-04-10not yet calculatedCVE-2016-10323
MISC
MISCteampass -- teampassMultiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.2017-04-12not yet calculatedCVE-2015-7564
CONFIRM
EXPLOIT-DBteampass -- teampassCross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.2017-04-12not yet calculatedCVE-2015-7563
MISC
EXPLOIT-DBteampass -- teampassMultiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.2017-04-12not yet calculatedCVE-2015-7562
CONFIRM
EXPLOIT-DBtrend_micro -- threat_discovery_applianceA command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.2017-04-12not yet calculatedCVE-2016-7547
BID
MISCtrend_micro -- threat_discovery_applianceOn the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.2017-04-12not yet calculatedCVE-2016-7552
BID
MISCtrollpierre/tdm -- trollpierre/tdm
 trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).2017-04-14not yet calculatedCVE-2017-7871
CONFIRM
CONFIRMubuntu -- ubuntu
 The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.2017-04-14not yet calculatedCVE-2016-0727
MISC
BID
SECTRACK
UBUNTU
CONFIRM
CONFIRMumbraco -- umbraco
 The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.2017-04-13not yet calculatedCVE-2012-1301
BUGTRAQ
BID
MISCunisys -- s-par
 Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.2017-04-11not yet calculatedCVE-2017-5873
CONFIRMunitrends -- enterprise_backup
 An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.2017-04-12not yet calculatedCVE-2017-7279
MISCunitrends -- enterprise_backup
 An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.2017-04-12not yet calculatedCVE-2017-7281
MISCunitrends -- enterprise_backup
 An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.2017-04-12not yet calculatedCVE-2017-7284
MISCunitrends -- enterprise_backup
 An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable.2017-04-12not yet calculatedCVE-2017-7280
MISCvtiger -- vtiger_crm
 Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.2017-04-14not yet calculatedCVE-2016-1713
MISC
MLIST
MLISTwebmin -- userminMultiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.2017-04-12not yet calculatedCVE-2016-4897
JVN
JVNDB
BIDwireshark -- wiresharkIn Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector.2017-04-12not yet calculatedCVE-2016-7958
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wiresharkIn Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings.2017-04-12not yet calculatedCVE-2016-7957
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.2017-04-12not yet calculatedCVE-2017-7702
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.2017-04-12not yet calculatedCVE-2017-7705
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.2017-04-12not yet calculatedCVE-2017-7701
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.2017-04-12not yet calculatedCVE-2017-7700
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.2017-04-12not yet calculatedCVE-2017-7703
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.2017-04-12not yet calculatedCVE-2017-7745
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
 In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.2017-04-12not yet calculatedCVE-2017-7704
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.2017-04-12not yet calculatedCVE-2017-7747
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.2017-04-12not yet calculatedCVE-2017-7748
BID
CONFIRM
CONFIRM
CONFIRMwireshark -- wireshark
 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.2017-04-12not yet calculatedCVE-2017-7746
BID
CONFIRM
CONFIRM
CONFIRMwolf_cms -- wolf_cms
 Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.2017-04-14not yet calculatedCVE-2015-6568
MISC
MISC
MISC
CONFIRM
CONFIRMwolf_cms -- wolf_cms
 Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality.2017-04-14not yet calculatedCVE-2015-6567
MISC
MISC
MISC
CONFIRM
CONFIRMwordpress -- wordpress
 SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.2017-04-12not yet calculatedCVE-2017-7719
MISCzoho -- manageengine_servicedesk_plusCross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-14not yet calculatedCVE-2016-4888
JVN
JVNDB
BIDzoho -- manageengine_servicedesk_plusZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.2017-04-14not yet calculatedCVE-2016-4889
JVN
JVNDB
BIDzoho -- manageengine_servicedesk_plusZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generationg cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.2017-04-14not yet calculatedCVE-2016-4890
JVN
JVNDB
BIDzurmo -- zurmo
 Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.2017-04-14not yet calculatedCVE-2017-7188
MISC
MISCBack to top



US-CERT

Microsoft Addresses Shadow Brokers Exploits

1 week ago
Original release date: April 15, 2017 | Last revised: April 17, 2017

The Microsoft Security Response Center (MSRC) has published information on several recently publicized exploit tools which affect various Microsoft products.

Users and administrators are reminded that software no longer supported by Microsoft (also known as end-of-life (EOL) software) is particularly at risk for exploitation. US-CERT recommends retiring EOL products. For more information on EOL Microsoft products, see US-CERT Alerts TA14-310A and TA14-069A, and the previous US-CERT Current Activity on Windows Vista.

US-CERT encourages users and administrators to review the MSRC post and apply any necessary updates.



US-CERT

VMware Releases Security Updates

1 week 1 day ago
Original release date: April 14, 2017

VMware has released security updates to address a vulnerability in vCenter Server. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0007 and apply the necessary update.



US-CERT

ISC Releases Security Updates for BIND

1 week 3 days ago
Original release date: April 12, 2017

The Internet Systems Consortium (ISC) has released updates that address multiple vulnerabilities in BIND. A remote attacker could exploit any of these vulnerabilities to cause a denial-of-service condition.

Available updates include:

  • BIND 9 version 9.9.9-P8
  • BIND 9 version 9.10.4-P8
  • BIND 9 version 9.11.0-P5
  • BIND 9 version 9.9.9-S10

US-CERT encourages users and administrators to review ISC Knowledge Base Articles AA-01465, AA-01466, and AA-01471 and apply the necessary updates.



US-CERT

Apache Software Foundation Releases Security Updates

1 week 3 days ago
Original release date: April 12, 2017 | Last revised: April 18, 2017

The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may allow a remote attacker to obtain sensitive information.

Users and administrators are encouraged to review Apache.org CVE-2017-5648, CVE-2017-5650, and CVE-2017-5651 for more information and apply the necessary updates.



US-CERT

Microsoft Releases April 2017 Security Updates

1 week 4 days ago
Original release date: April 12, 2017

Microsoft has released 61 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of a system. This Security Update addresses a Microsoft Office vulnerability that is actively being exploited to spread malicious code.

US-CERT encourages users and administrators to review Vulnerability Note #VU921560 and Microsoft's April 2017 Security Update and apply the necessary updates.



US-CERT

Adobe Releases Security Updates

1 week 4 days ago
Original release date: April 11, 2017

Adobe has released security updates to address vulnerabilities in Adobe Campaign, Flash Player, Acrobat and Reader, Photoshop CC, and Creative Cloud. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB17-09, APSB17-10, APSB17-11, APSB17-12, and APSB17-13 and apply the necessary updates.



US-CERT

Easter Holiday Phishing Scams and Malware Campaigns

1 week 5 days ago
Original release date: April 11, 2017

As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include:

  • unsolicited shipping notifications that may actually be scams by attackers to solicit personal information (phishing scams),
  • electronic greeting cards that may contain malicious software (malware),
  • requests for charitable contributions that may be phishing scams or solicitations from sources that are not real charities, and
  • false advertisements for holiday accommodations or timeshares.

US-CERT encourages users and administrators to use caution when reviewing unsolicited messages. Suggested preventive measures to protect against phishing scams and malware campaigns include:



US-CERT

SB17-100: Vulnerability Summary for the Week of April 3, 2017

1 week 6 days ago
Original release date: April 10, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- acrobat_readerAdobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution.2017-03-3110.0CVE-2017-3010
BID
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-04-019.3CVE-2017-2398
BID
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-04-019.3CVE-2017-2401
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature.2017-04-017.5CVE-2017-2423
BID
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors.2017-04-017.5CVE-2017-2428
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center.2017-04-0110.0CVE-2017-2434
BID
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow) via a crafted app.2017-04-019.3CVE-2017-2440
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "libc++abi" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted C++ app that is mishandled during demangling.2017-04-019.3CVE-2017-2441
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app.2017-04-019.3CVE-2017-2451
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.2017-04-017.6CVE-2017-2456
BID
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Keyboards" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.2017-04-019.3CVE-2017-2458
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.2017-04-019.3CVE-2017-2472
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-04-019.3CVE-2017-2473
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app.2017-04-019.3CVE-2017-2474
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.2017-04-017.6CVE-2017-2478
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.2017-04-019.3CVE-2017-2482
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.2017-04-019.3CVE-2017-2483
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted X.509 certificate file.2017-04-019.3CVE-2017-2485
BID
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-04-019.3CVE-2017-2490
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- mac_os_xAn issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained.2017-04-017.5CVE-2017-2402
BID
CONFIRMapple -- mac_os_xAn issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOATAFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-04-019.3CVE-2017-2408
BID
CONFIRMapple -- mac_os_xAn issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.2017-04-019.3CVE-2017-2410
BID
CONFIRMapple -- mac_os_xAn issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-04-019.3CVE-2017-2420
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleGraphicsPowerManagement" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2421
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2422
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2427
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2436
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2017-04-01 | 7.2 | CVE-2017-2437
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleRAID" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2438
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2443
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2449
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2017-04-01 | 7.5 | CVE-2017-2477
BID
CONFIRM

huawei -- campus_s9700_firmware | Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300 allow unauthorized users to upgrade the bootrom or bootload software, bypass a Menu protection mechanism, conduct a Menu compromise attack, or bypass a Menu/upgrade protection mechanism. | 2017-04-02 | 7.5 | CVE-2014-4707
CONFIRM

huawei -- cloudengine_5800_firmware | Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset. | 2017-04-02 | 7.1 | CVE-2016-8795
CONFIRM
BID

huawei -- fusionaccess | Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable. | 2017-04-02 | 7.8 | CVE-2015-7844
CONFIRM

huawei -- hisuite | Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code. | 2017-04-02 | 7.2 | CVE-2016-8274
CONFIRM

huawei -- mate_8_firmware | ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart). | 2017-04-02 | 7.1 | CVE-2016-8756
CONFIRM
BID

huawei -- mate_8_firmware | ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart). | 2017-04-02 | 7.1 | CVE-2016-8758
CONFIRM
BID

huawei -- nem-al10_firmware | Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. | 2017-04-02 | 7.2 | CVE-2016-8775
CONFIRM
BID

huawei -- oceanstor_5600_v3_firmware | Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege. | 2017-04-02 | 9.0 | CVE-2016-8801
CONFIRM
BID

huawei -- p8_lite_firmware | The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an improper resource release vulnerability, which allows attackers to cause a system restart or privilege elevation. | 2017-04-02 | 9.3 | CVE-2016-8763
CONFIRM
BID

huawei -- p9_plus_firmware | Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege. | 2017-04-02 | 9.3 | CVE-2016-8759
CONFIRM
BID

huawei -- p9_plus_firmware | Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which allows attackers to crash the system or escalate user privilege. | 2017-04-02 | 9.3 | CVE-2016-8760
CONFIRM
BID

huawei -- p9_plus_firmware | Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege. | 2017-04-02 | 9.3 | CVE-2016-8761
CONFIRM
BID

huawei -- quidway_s6700_firmware | Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300 enable attackers to launch DoS attacks by crafting and sending malformed packets to these vulnerable products. | 2017-04-02 | 7.8 | CVE-2014-3224
CONFIRM

huawei -- s2750_firmware | Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100; Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500; LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S2350 with software V200R003C00SPC300; S2750 with software V200R003C00SPC300; S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S5700 with software V200R001C00SPC300,V200R003C00SPC300; S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S7700 with software V200R001C00SPC300; S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S9300E with software V200R003C00SPC300,V200R003C00SPC500 allow attackers to keep sending malformed packets to cause a denial of service (DoS) attack, aka a heap overflow. | 2017-04-02 | 7.8 | CVE-2014-4706
CONFIRM

huawei -- s6300_firmware | Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300,S6300 with software before V100R006SPH010 support Y.1731 and therefore have the Y.1731 vulnerability in processing special packets. The vulnerability causes the restart of switches. | 2017-04-02 | 7.8 | CVE-2014-3223
CONFIRM

huawei -- tecal_bh621_v2_firmware | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to execute arbitrary code or restart the system via crafted DNS packets. | 2017-04-02 | 7.5 | CVE-2014-9693
CONFIRM

huawei -- usg5500_firmware | Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. | 2017-04-02 | 7.8 | CVE-2016-8798
CONFIRM
BID

huawei -- usg9580_firmware | Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition. | 2017-04-02 | 7.8 | CVE-2016-8796
CONFIRM
BID

ibm -- curam_social_program_management | IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833. | 2017-03-31 | 8.5 | CVE-2016-6111
CONFIRM
BID

ibm -- rational_software_architect_design_manager | IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. | 2017-03-31 | 7.5 | CVE-2016-9707
BID
CONFIRM

illumos -- illumos | illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. | 2017-03-31 | 7.8 | CVE-2016-6560
CONFIRM
CONFIRM
CONFIRM

illumos -- illumos | illumos smbsrv NULL pointer dereference allows system crash. | 2017-03-31 | 7.8 | CVE-2016-6561
CONFIRM
CONFIRM
CONFIRM

linux -- linux_kernel | The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. | 2017-03-31 | 7.2 | CVE-2017-2647
CONFIRM
BID
CONFIRM
CONFIRM

linux -- linux_kernel | Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely. | 2017-03-31 | 7.2 | CVE-2017-7374
CONFIRM
BID
CONFIRM
CONFIRM

multi-router_looking_glass_project -- multi-router_looking_glass | fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption. | 2017-03-31 | 7.5 | CVE-2014-3931
CONFIRM
MISC
MISC

opensuse_project -- opensuse | Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | 2017-03-31 | 7.2 | CVE-2014-9114
FEDORA
FEDORA
SUSE
MLIST
BID
XF
CONFIRM
CONFIRM
GENTOO

snoopy -- snoopy | The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796. | 2017-03-31 | 7.5 | CVE-2008-7313
CONFIRM
MLIST
MLIST
MLIST
BID
CONFIRM
XF
REDHAT
REDHAT
REDHAT
REDHAT
GENTOO
MISC

snoopy -- snoopy | Snoopy allows remote attackers to execute arbitrary commands. | 2017-03-31 | 7.5 | CVE-2014-5008
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
MLIST
MLIST
MLIST
BID
CONFIRM
MISC

snoopy -- snoopy | Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. | 2017-03-31 | 7.5 | CVE-2014-5009
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
MLIST
BID
XF
CONFIRM
MISC
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- acrobat_reader | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure. | 2017-03-31 | 5.0 | CVE-2017-3009
BID
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Carbon" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted .dfont file. | 2017-04-01 | 6.8 | CVE-2017-2379
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support. | 2017-04-01 | 5.0 | CVE-2017-2380
BID
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Safari Reader" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2393
BID
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing. | 2017-04-01 | 5.0 | CVE-2017-2400
BID
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016. | 2017-04-01 | 5.0 | CVE-2017-2404
BID
CONFIRM
MISC

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | 2017-04-01 | 6.8 | CVE-2017-2406
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | 2017-04-01 | 6.8 | CVE-2017-2407
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP. | 2017-04-01 | 4.3 | CVE-2017-2412
BID
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address. | 2017-04-01 | 5.0 | CVE-2017-2414
BID
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion." | 2017-04-01 | 6.8 | CVE-2017-2415
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file. | 2017-04-01 | 6.8 | CVE-2017-2416
BID
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to cause a denial of service (infinite recursion) via a crafted image. | 2017-04-01 | 4.3 | CVE-2017-2417
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. | 2017-04-01 | 6.8 | CVE-2017-2430
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. | 2017-04-01 | 6.8 | CVE-2017-2432
BID
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | 2017-04-01 | 6.8 | CVE-2017-2435
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. | 2017-04-01 | 5.8 | CVE-2017-2439
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets. | 2017-04-01 | 4.3 | CVE-2017-2448
BID
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. | 2017-04-01 | 5.8 | CVE-2017-2450
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message. | 2017-04-01 | 5.0 | CVE-2017-2461
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. | 2017-04-01 | 6.8 | CVE-2017-2462
BID
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. | 2017-04-01 | 6.8 | CVE-2017-2467
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Phone" component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app. | 2017-04-01 | 5.0 | CVE-2017-2484
BID
CONFIRM

apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | 2017-04-01 | 6.8 | CVE-2017-2487
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- keynote | An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4. | 2017-04-01 | 5.0 | CVE-2017-2391
BID
CONFIRM

apple -- mac_os_server | An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the "Wiki Server" component. It allows remote attackers to enumerate user accounts via unspecified vectors. | 2017-04-01 | 5.0 | CVE-2017-2382
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server. | 2017-04-01 | 6.5 | CVE-2017-2381
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. | 2017-04-01 | 4.3 | CVE-2017-2388
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL. | 2017-04-01 | 6.8 | CVE-2017-2403
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Menus" component. It allows attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted app. | 2017-04-01 | 5.8 | CVE-2017-2409
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "QuickTime" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted media file. | 2017-04-01 | 6.8 | CVE-2017-2413
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "SecurityFoundation" component. A double free vulnerability allows remote attackers to execute arbitrary code via a crafted certificate. | 2017-04-01 | 6.8 | CVE-2017-2425
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file. | 2017-04-01 | 4.3 | CVE-2017-2426
BID
MISC
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "FinderKit" component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during an iCloud Sharing Send Link action. | 2017-04-01 | 5.0 | CVE-2017-2429
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "CoreMedia" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .mov file. | 2017-04-01 | 6.8 | CVE-2017-2431
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. | 2017-04-01 | 4.3 | CVE-2017-2489
BID
CONFIRM

apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app. | 2017-04-01 | 4.3 | CVE-2017-6974
BID
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2367
BID
CONFIRM
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page. | 2017-04-01 | 5.0 | CVE-2017-2376
BID
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state. | 2017-04-01 | 5.0 | CVE-2017-2377
BID
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions. | 2017-04-01 | 6.8 | CVE-2017-2378
BID
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2386
BID
CONFIRM
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site. | 2017-04-01 | 5.8 | CVE-2017-2389
BID
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 6.8 | CVE-2017-2392
BID
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2394
BID
CONFIRM
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2395
BID
CONFIRM
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2396
BID
CONFIRM
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2405
BID
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors. | 2017-04-01 | 5.0 | CVE-2017-2419
BID
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2424
BID
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2433
BID
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2442
BID
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2444
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects. | 2017-04-01 | 4.3 | CVE-2017-2445
BID
CONFIRM
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. | 2017-04-01 | 6.8 | CVE-2017-2446
BID
CONFIRM
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site. | 2017-04-01 | 5.8 | CVE-2017-2447
BID
CONFIRM
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2453
BID
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2454
BID
CONFIRM
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2455
BID
CONFIRM
CONFIRM
CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2457
BID
CONFIRM
CONFIRMapple -- safariAn issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-04-016.8CVE-2017-2459
BID
CONFIRM
CONFIRM
CONFIRMapple -- safariAn issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-04-016.8CVE-2017-2460
BID
CONFIRM
CONFIRM
CONFIRMapple -- safariAn issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-04-016.8CVE-2017-2463
BID
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- safariAn issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-04-016.8CVE-2017-2464
BID
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2465
BID
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2466
BID
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2468
BID
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2469
BID
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2470
BID
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2471
BID
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site. | 2017-04-01 | 4.3 | CVE-2017-2475
BID
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2476
BID
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2479
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2480
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2481
BID
MISC
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2486
BID
CONFIRM
CONFIRM
getpixie -- pixie | Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. | 2017-03-31 | 4.3 | CVE-2017-7359
MISC
BID
BID
getpixie -- pixie | Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. | 2017-03-31 | 4.3 | CVE-2017-7360
MISC
BID
getpixie -- pixie | Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. | 2017-03-31 | 4.3 | CVE-2017-7361
MISC
BID
getpixie -- pixie | Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. | 2017-03-31 | 4.3 | CVE-2017-7362
MISC
BID
getpixie -- pixie | Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. | 2017-03-31 | 4.3 | CVE-2017-7363
MISC
BID
hak5 -- wi-fi_pineapple_firmware | Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. | 2017-03-31 | 4.3 | CVE-2015-4624
MISC
MISC
BUGTRAQ
EXPLOIT-DB
helpmewatchwho_project -- helpmewatchwho | TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter). | 2017-03-31 | 4.3 | CVE-2017-7387
BID
CONFIRM
huawei -- ascend_p6_edge-t00_firmware | Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones. | 2017-04-02 | 4.3 | CVE-2014-8571
CONFIRM
huawei -- cloudengine_6800_firmware | Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive files to exhaust the shared storage space, leading to a DoS condition. | 2017-04-02 | 6.8 | CVE-2016-8780
CONFIRM
BID
huawei -- espace_iad_firmware | Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL. | 2017-04-02 | 5.0 | CVE-2016-8271
CONFIRM
huawei -- espace_integrated_access_device_firmware | Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS. | 2017-04-02 | 4.3 | CVE-2016-8789
CONFIRM
BID
huawei -- espace_meeting | In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources. | 2017-04-02 | 6.6 | CVE-2014-3222
CONFIRM
huawei -- eudemon8000e_firmware | Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets with special structure, the logging process becomes slow and users may be unable to log in to the device. | 2017-04-02 | 5.0 | CVE-2014-3221
CONFIRM
huawei -- fusionaccess | Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database. | 2017-04-02 | 4.0 | CVE-2016-8779
CONFIRM
BID
huawei -- fusionstorage | The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. | 2017-04-02 | 4.1 | CVE-2016-8803
CONFIRM
BID
huawei -- hisuite | Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC. | 2017-04-02 | 6.9 | CVE-2016-8273
CONFIRM
huawei -- logcenter | Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service. | 2017-04-02 | 4.0 | CVE-2015-8670
CONFIRM
huawei -- logcenter | Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions. | 2017-04-02 | 6.5 | CVE-2015-8671
CONFIRM
huawei -- mate_s_firmware | Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | 2017-04-02 | 6.2 | CVE-2016-8791
CONFIRM
BID
huawei -- mate_s_firmware | Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | 2017-04-02 | 6.2 | CVE-2016-8792
CONFIRM
BID
huawei -- mate_s_firmware | Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | 2017-04-02 | 6.2 | CVE-2016-8793
CONFIRM
BID
huawei -- mate_s_firmware | Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | 2017-04-02 | 6.2 | CVE-2016-8794
CONFIRM
BID
huawei -- oceanstor_5600_v3_firmware | Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH. | 2017-04-02 | 5.4 | CVE-2016-8754
CONFIRM
BID
huawei -- oceanstor_5800_v3_firmware | The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk arrays. | 2017-04-02 | 4.0 | CVE-2016-6177
CONFIRM
huawei -- p7-l10_firmware | The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information. | 2017-04-02 | 4.3 | CVE-2015-2246
CONFIRM
huawei -- p8_lite_firmware | The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to read and write user-mode memory data anywhere in the TrustZone driver. | 2017-04-02 | 4.1 | CVE-2016-8764
CONFIRM
BID
huawei -- secospace_usg6300_firmware | Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of unspecified commands to exhaust memory, causing a DoS condition. | 2017-04-02 | 4.0 | CVE-2016-8781
CONFIRM
BID
huawei -- secospace_usg6300_firmware | The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system. | 2017-04-02 | 6.8 | CVE-2016-8802
CONFIRM
BID
huawei -- tecal_bh621_v2_firmware | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow users who log in to the products to view the sessions IDs of all online users on the Online Users page of the web UI. | 2017-04-02 | 4.0 | CVE-2014-9691
CONFIRM
huawei -- tecal_bh621_v2_firmware | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to figure out the RMCP+ session IDs of users and access the system with forged identities. | 2017-04-02 | 5.0 | CVE-2014-9692
CONFIRM
huawei -- tecal_bh621_v2_firmware | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions have a CSRF vulnerability. The products do not use the Token mechanism for web access control. When users log in to the Huawei servers and access websites containing the malicious CSRF script, the CSRF script is executed, which may cause configuration tampering and system restart. | 2017-04-02 | 6.8 | CVE-2014-9694
CONFIRM
huawei -- tecal_e9000_chassis_firmware | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user. | 2017-04-02 | 6.5 | CVE-2014-9695
CONFIRM
huawei -- tecal_e9000_chassis_firmware | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalation. | 2017-04-02 | 6.5 | CVE-2014-9696
CONFIRM
huawei -- usg2100_firmware | Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | 2017-04-02 | 6.8 | CVE-2014-9136
CONFIRM
huawei -- usg2100_firmware | Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | 2017-04-02 | 6.8 | CVE-2014-9137
CONFIRM
huawei -- ws318_firmware | Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier's solution is not random enough. As a result, brute force cracking the PIN code is easier. After an attacker cracks the PIN, the attacker can access the Internet via the cracked device. | 2017-04-02 | 5.0 | CVE-2014-9690
CONFIRM
ibm -- algo_one | IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892. | 2017-03-31 | 4.0 | CVE-2017-1154
CONFIRM
BID
ibm -- inotes | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824. | 2017-03-31 | 4.3 | CVE-2016-9990
CONFIRM
BID
ibm -- sterling_selling_and_fulfillment_foundation | IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943. | 2017-03-31 | 6.8 | CVE-2016-8917
CONFIRM
BID
ibm -- tririga_application_platform | The IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083. | 2017-03-31 | 4.0 | CVE-2017-1171
BID
CONFIRM
libarchive -- libarchive | The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. | 2017-04-03 | 4.3 | CVE-2016-10209
BID
CONFIRM
magmi_project -- magmi | A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-31 | 4.3 | CVE-2017-7391
BID
CONFIRM
CONFIRM
mcafee -- anti-malware_scan_engine | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. | 2017-03-31 | 4.4 | CVE-2016-8032
BID
CONFIRM
nagios -- nagios | Cross-site scripting (XSS) vulnerability in Nagios. | 2017-03-31 | 4.3 | CVE-2016-6209
FULLDISC
CONFIRM
ni -- labview | An exploitable memory corruption vulnerability exists in the LvVarientUnflatten functionality of LabVIEW 2016 version 16.0.0.49152. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution. | 2017-03-31 | 6.8 | CVE-2017-2775
BID
MISC
openeclass_project -- openeclass | Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-31 | 4.3 | CVE-2017-7389
BID
CONFIRM
podofo_project -- podofo | The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. | 2017-04-03 | 4.3 | CVE-2017-7378
BID
MISC
podofo_project -- podofo | The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. | 2017-04-03 | 4.3 | CVE-2017-7379
BID
MISC
podofo_project -- podofo | The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | 2017-04-03 | 4.3 | CVE-2017-7381
BID
MISC
socialnetwork_project -- socialnetwork | A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-31 | 4.3 | CVE-2017-7390
BID
CONFIRM
symetrie_project -- symetrie | citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). | 2017-03-31 | 4.3 | CVE-2017-7386
CONFIRM
tigervnc -- tigervnc | In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. | 2017-03-31 | 5.0 | CVE-2017-7392
BID
CONFIRM
tigervnc -- tigervnc | In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. | 2017-03-31 | 6.5 | CVE-2017-7393
BID
CONFIRM
tigervnc -- tigervnc | In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. | 2017-03-31 | 5.0 | CVE-2017-7394
BID
CONFIRM
tigervnc -- tigervnc | In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. | 2017-03-31 | 4.0 | CVE-2017-7395
BID
CONFIRM
CONFIRM
tigervnc -- tigervnc | In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. | 2017-03-31 | 5.0 | CVE-2017-7396
BID
CONFIRM
CONFIRM
wallacepos_project -- wallacepos | A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/resetpassword.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-31 | 4.3 | CVE-2017-7388
BID
CONFIRM

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode. | 2017-04-01 | 2.1 | CVE-2017-2384
BID
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory permissions via unspecified vectors.2017-04-012.1CVE-2017-2390
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Accounts" component. It allows physically proximate attackers to discover an Apple ID by reading an iCloud authentication prompt on the lock screen.2017-04-012.1CVE-2017-2397
BID
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode).2017-04-012.1CVE-2017-2399
BID
CONFIRMapple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to read text messages on the lock screen via unspecified vectors.2017-04-012.1CVE-2017-2452
BID
CONFIRMapple -- itunesAn issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middle attackers to track users via correlation with this certificate.2017-04-013.5CVE-2017-2383
BID
CONFIRM
CONFIRMapple -- mac_os_xAn issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter.2017-04-012.1CVE-2016-7585
BID
CONFIRMapple -- mac_os_xAn issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors.2017-04-012.1CVE-2017-2418
BID
CONFIRMapple -- safariAn issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors.2017-04-012.1CVE-2017-2385
BID
CONFIRMhuawei -- anyofficeHuawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb.2017-04-023.5CVE-2016-8275
CONFIRM
BIDhuawei -- hisuiteHuawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks.2017-04-022.1CVE-2016-8272
CONFIRMhuawei -- p8_lite_firmwareThe TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart.2017-04-021.9CVE-2016-8762
CONFIRM
BIDibm -- kenexa_lmsIBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483.2017-03-313.5CVE-2016-8935
CONFIRM
BIDibm -- rational_quality_managerIBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.2017-03-313.5CVE-2016-6022
BID
CONFIRMibm -- rational_quality_managerIBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.2017-03-313.5CVE-2016-6031
BID
CONFIRMibm -- rational_quality_managerIBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.2017-03-313.5CVE-2016-6036
BID
CONFIRMmantisbt -- mantisbtA cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.2017-03-313.5CVE-2017-6973
CONFIRM
CONFIRM
BIDmantisbt -- mantisbtA cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the "Post-installation and upgrade tasks" of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page.2017-03-313.5CVE-2017-7241
CONFIRM
CONFIRM
BIDmantisbt -- mantisbtA cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.2017-03-313.5CVE-2017-7309
CONFIRM
CONFIRM
BIDBack to top

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoairtame -- hdmi_dongle_firmware
 AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time.2017-04-05not yet calculatedCVE-2017-7450
MISCapache -- ambari
 During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.2017-04-03not yet calculatedCVE-2017-5642
CONFIRMapache -- geode
 Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.2017-04-04not yet calculatedCVE-2017-5649
MLIST
BIDapache -- ignite
 Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.2017-04-07not yet calculatedCVE-2016-6805
CONFIRMapache -- tika
 Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.2017-04-06not yet calculatedCVE-2016-6809
CONFIRM
BID
MISCapache -- tomcat
 Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.2017-04-06not yet calculatedCVE-2016-8735
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BIDapple -- apple_android_music_app
 The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-07not yet calculatedCVE-2017-2387
MISC
CONFIRMapple -- ios
 Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior.2017-04-05not yet calculatedCVE-2017-6975
BID
MISC
CONFIRM
MISCapple -- safari
 runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function.2017-04-03not yet calculatedCVE-2016-10222
CONFIRM
CONFIRMapple -- safari
 JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm.2017-04-03not yet calculatedCVE-2017-5949
BID
CONFIRM
CONFIRMapple -- safari
 JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp.2017-04-03not yet calculatedCVE-2016-10226
CONFIRM
CONFIRMapt-cacher -- apt-cacher
 apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.2017-04-05not yet calculatedCVE-2017-7443
CONFIRM
CONFIRMarm_trusted_firmware -- arm_trusted_firmware
 In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code.2017-04-06not yet calculatedCVE-2016-10319
CONFIRMartifex_software -- ghostscript
 The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.2017-04-03not yet calculatedCVE-2016-10317
BID
MISCartifex_software -- ghostscript
 The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module.2017-04-03not yet calculatedCVE-2016-10217
CONFIRM
CONFIRMartifex_software -- ghostscript
 The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.2017-04-03not yet calculatedCVE-2016-10219
CONFIRM
CONFIRMartifex_software -- ghostscript
 The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.2017-04-03not yet calculatedCVE-2017-5951
MISCartifex_software -- ghostscript
 The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.2017-04-03not yet calculatedCVE-2016-10220
CONFIRM
CONFIRMartifex_software -- ghostscript
 The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.2017-04-03not yet calculatedCVE-2016-10218
CONFIRM
CONFIRMartifex_software -- mupdf
 The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.2017-04-03not yet calculatedCVE-2016-10221
MISCback_in_time -- back_in_time
 The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.2017-04-06not yet calculatedCVE-2017-7572
MISCblue_coat -- advanced_secure_gateway
 Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.2017-04-05not yet calculatedCVE-2016-9091
BID
CONFIRMbroadcom -- wifi_hardmac_soc_firmwareOn the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE).2017-04-05not yet calculatedCVE-2017-6956
MISC
MISCcisco -- aironet_secure_access_point_software
 A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1).2017-04-07not yet calculatedCVE-2016-9196
CONFIRMcisco -- asr_900_devices
 A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP.2017-04-07not yet calculatedCVE-2017-6603
CONFIRMcisco -- evolved_programmable_network
 A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).2017-04-07not yet calculatedCVE-2017-3884
CONFIRMcisco -- firepower_system_software
 A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2.2017-04-07not yet calculatedCVE-2017-3887
CONFIRMcisco -- firepower_system_software
 A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1.2017-04-07not yet calculatedCVE-2017-3885
CONFIRMcisco -- integrated_management_controller
 A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B.2017-04-07not yet calculatedCVE-2017-6604
CONFIRMcisco -- ios_xe_software
 A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E.2017-04-07not yet calculatedCVE-2017-6606
CONFIRMcisco -- ios_xr_software
 A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco IOS XR Software with gRPC enabled. More Information: CSCvb14433. Known Affected Releases: 6.1.1.BASE 6.2.1.BASE. Known Fixed Releases: 6.2.1.22i.MGBL 6.1.22.9i.MGBL 6.1.21.12i.MGBL 6.1.2.13i.MGBL.2017-04-07not yet calculatedCVE-2017-6599
CONFIRMcisco -- ireless_lan_controller_software
 A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. Cisco Bug IDs: CSCva98592.2017-04-06not yet calculatedCVE-2016-9219
BID
CONFIRMcisco -- mobility_express_software
 A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691.2017-04-06not yet calculatedCVE-2017-3834
BID
CONFIRMcisco -- mobility_express_wireless_lan_controllers_software
 A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).2017-04-07not yet calculatedCVE-2016-9197
CONFIRMcisco -- prime_infrastructure
 A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0).2017-04-07not yet calculatedCVE-2017-3848
CONFIRMcisco -- registered_envelope_service
 A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015.2017-04-07not yet calculatedCVE-2017-3889
CONFIRMcisco -- unified_communications_manager
 A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).2017-04-07not yet calculatedCVE-2017-3888
CONFIRMcisco -- unified_communications_manager
 A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).2017-04-07not yet calculatedCVE-2017-3886
CONFIRMcisco -- unified_computing_system manager
 A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69).2017-04-07not yet calculatedCVE-2017-6598
CONFIRMcisco -- unified_computing_system_director
 A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.5(0.1) 6.0(0.0).2017-04-07not yet calculatedCVE-2017-3817
CONFIRMcisco -- unified_computing_system_manager
 A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1647).2017-04-07not yet calculatedCVE-2017-6601
CONFIRMcisco -- unified_computing_system_manager
 A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136.2017-04-07not yet calculatedCVE-2017-6600
CONFIRMcisco -- unified_computing_system_manager
 A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138).2017-04-07not yet calculatedCVE-2017-6602
CONFIRMcisco -- unified_computing_system
 A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115).2017-04-07not yet calculatedCVE-2017-6597
CONFIRMcisco -- wireless_lan_controller_software
 A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353.2017-04-06not yet calculatedCVE-2016-9194
BID
CONFIRMcisco -- wireless_lan_controller_software
 A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3).2017-04-07not yet calculatedCVE-2016-9195
CONFIRMcisco -- wireless_lan_controller_software
 A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198.2017-04-06not yet calculatedCVE-2017-3832
BID
CONFIRMclipbucket -- clipbucket
 Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to WebsiteConfigurations Section. NOTE: the collection_description vector is already covered by CVE-2015-4673.2017-04-06not yet calculatedCVE-2016-1000307
MISCclipbucket -- clipbucket
 Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php.2017-04-06not yet calculatedCVE-2015-4673
MISC
MISC
MISCcloud_foundry_foundation -- bosh_azure
 Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability."2017-04-06not yet calculatedCVE-2017-4964
CONFIRMcollectd -- collectd
 Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.2017-04-03not yet calculatedCVE-2017-7401
BID
CONFIRMd-link -- dir-615_firmwareD-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password.2017-04-04not yet calculatedCVE-2017-7398
MISCdjango_project -- django
 A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.2017-04-04not yet calculatedCVE-2017-7234
BID
CONFIRMdjango_project -- django
 Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.2017-04-04not yet calculatedCVE-2017-7233
BID
CONFIRM
dragonwave -- horizon
DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in recent versions including 1.4.8. | 2017-04-06 | not yet calculated | CVE-2017-7576
MISC
dropbox -- dropbox
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image. | 2017-04-05 | not yet calculated | CVE-2017-7448
CONFIRM
CONFIRM
entropymine -- imageworsener
The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | 2017-04-05 | not yet calculated | CVE-2017-7452
CONFIRM
entropymine -- imageworsener
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | 2017-04-05 | not yet calculated | CVE-2017-7453
CONFIRM
entropymine -- imageworsener
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | 2017-04-05 | not yet calculated | CVE-2017-7454
CONFIRM
f5 -- ssl_intercept_iapp_software
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 are vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature plus SNAT Auto Map option for egress traffic. | 2017-04-06 | not yet calculated | CVE-2017-6130
CONFIRM
f5 -- ssl_intercept_iapp_software
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic. | 2017-04-06 | not yet calculated | CVE-2017-0305
CONFIRM
faveo -- faveo
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges. | 2017-04-06 | not yet calculated | CVE-2017-7571
MISC
CONFIRM
forgerock -- openidm
In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js. | 2017-04-08 | not yet calculated | CVE-2017-7589
MISC
CONFIRM
forgerock -- openidm
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. | 2017-04-08 | not yet calculated | CVE-2017-7591
MISC
CONFIRM
forgerock -- openidm
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. | 2017-04-08 | not yet calculated | CVE-2017-7590
MISC
CONFIRM
foxit_software -- foxit_PDF_toolkit
Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file. | 2017-04-07 | not yet calculated | CVE-2017-7584
CONFIRM
foxit_software -- foxit_reader
Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0. | 2017-04-04 | not yet calculated | CVE-2016-3740
MISC
MISC
freeradius -- freeradius
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | 2017-04-05 | not yet calculated | CVE-2015-4680
SUSE
MISC
MISC
BUGTRAQ
BID
SECTRACK
CONFIRM
gmv -- checker_atm_security
GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03. | 2017-04-06 | not yet calculated | CVE-2017-6968
MISC
go_ssh -- go_ssh_library
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism. | 2017-04-04 | not yet calculated | CVE-2017-3204
BID
MISC
CONFIRM
CONFIRM
MISC
google -- android
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099. | 2017-04-07 | not yet calculated | CVE-2017-0575
CONFIRM
google -- android
An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.18. Android ID: A-34115304. References: N-CVE-2017-0329. | 2017-04-05 | not yet calculated | CVE-2017-0329
BID
CONFIRM
google -- android
An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33812508. References: N-CVE-2017-0332. | 2017-04-05 | not yet calculated | CVE-2017-0332
BID
CONFIRM
google -- android
An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33898322. References: N-CVE-2017-0328. | 2017-04-05 | not yet calculated | CVE-2017-0328
BID
CONFIRM
google -- android
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866. | 2017-04-07 | not yet calculated | CVE-2017-0543
CONFIRM
CONFIRM
google -- android
An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722. | 2017-04-07 | not yet calculated | CVE-2017-0559
CONFIRM
google -- android
An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10 and Kernel 3.18. Android ID: A-33040280. References: N-CVE-2017-0325. | 2017-04-05 | not yet calculated | CVE-2017-0325
BID
CONFIRM
google -- android
An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33899858. References: N-CVE-2017-0330. | 2017-04-05 | not yet calculated | CVE-2017-0330
BID
CONFIRM
google -- android
An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-27930566. References: N-CVE-2017-0339. | 2017-04-05 | not yet calculated | CVE-2017-0339
BID
CONFIRM
google -- android
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721. | 2017-04-07 | not yet calculated | CVE-2017-0542
CONFIRM
CONFIRM
google -- android
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031. | 2017-04-07 | not yet calculated | CVE-2017-0540
CONFIRM
CONFIRM
google -- android
A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018. | 2017-04-07 | not yet calculated | CVE-2017-0541
CONFIRM
CONFIRM
google -- android
An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946. | 2017-04-07 | not yet calculated | CVE-2017-0554
CONFIRM
google -- android
An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067. | 2017-04-07 | not yet calculated | CVE-2017-0454
CONFIRM
google -- android
An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33893669. References: N-CVE-2017-0327. | 2017-04-05 | not yet calculated | CVE-2017-0327
BID
CONFIRM
google -- android
An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775. | 2017-04-07 | not yet calculated | CVE-2017-0555
CONFIRM
CONFIRM
google -- android
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350. | 2017-04-07 | not yet calculated | CVE-2017-0545
CONFIRM
google -- android
An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763. | 2017-04-07 | not yet calculated | CVE-2017-0546
CONFIRM
google -- android
An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560. | 2017-04-07 | not yet calculated | CVE-2017-0547
CONFIRM
CONFIRM
google -- android
A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605. | 2017-04-07 | not yet calculated | CVE-2017-0548
CONFIRM
google -- android
A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818508. | 2017-04-07 | not yet calculated | CVE-2017-0549
CONFIRM
CONFIRM
google -- android
A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140. | 2017-04-07 | not yet calculated | CVE-2017-0550
CONFIRM
CONFIRM
google -- android
A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097231. | 2017-04-07 | not yet calculated | CVE-2017-0551
CONFIRM
CONFIRM
CONFIRM
google -- android
An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879. | 2017-04-07 | not yet calculated | CVE-2017-0544
CONFIRM
google -- android
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300. | 2017-04-07 | not yet calculated | CVE-2017-0539
CONFIRM
CONFIRM
google -- android
An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274. | 2017-04-07 | not yet calculated | CVE-2017-0558
CONFIRM
CONFIRM
google -- android
An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952. | 2017-04-07 | not yet calculated | CVE-2017-0556
CONFIRM
CONFIRM
google -- android
An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073. | 2017-04-07 | not yet calculated | CVE-2017-0557
CONFIRM
CONFIRM
google -- android
A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915. | 2017-04-07 | not yet calculated | CVE-2017-0552
CONFIRM
CONFIRM
google -- android
An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. | 2017-04-07 | not yet calculated | CVE-2017-0553
CONFIRM
google -- android
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34198931. References: B-RB#112597. | 2017-04-07 | not yet calculated | CVE-2017-0572
CONFIRM
google -- android
A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814. | 2017-04-07 | not yet calculated | CVE-2017-0561
CONFIRM
google -- android
An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203. | 2017-04-07 | not yet calculated | CVE-2017-0564
CONFIRM
google -- android
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175904. References: M-ALPS02696516. | 2017-04-07 | not yet calculated | CVE-2017-0565
CONFIRM
google -- android
An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288. | 2017-04-07 | not yet calculated | CVE-2017-0462
CONFIRM
google -- android
An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367. | 2017-04-07 | not yet calculated | CVE-2017-0566
CONFIRM
google -- android
An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202425. References: M-ALPS02898189. | 2017-04-07 | not yet calculated | CVE-2017-0562
CONFIRM
google -- android
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409. | 2017-04-07 | not yet calculated | CVE-2017-0563
CONFIRM
google -- android
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666. | 2017-04-07 | not yet calculated | CVE-2017-0569
CONFIRM
google -- android
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600. | 2017-04-07 | not yet calculated | CVE-2017-0568
CONFIRM
google -- android
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199963. References: B-RB#110688. | 2017-04-07 | not yet calculated | CVE-2017-0570
CONFIRM
google -- android
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575. | 2017-04-07 | not yet calculated | CVE-2017-0567
CONFIRM
google -- android
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34203305. References: B-RB#111541. | 2017-04-07 | not yet calculated | CVE-2017-0571
CONFIRM
google -- android
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731. | 2017-04-07 | not yet calculated | CVE-2017-0584
CONFIRM
google -- android
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951. | 2017-04-07 | not yet calculated | CVE-2017-0577
CONFIRM
google -- android
An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986. | 2017-04-07 | not yet calculated | CVE-2017-0580
CONFIRM
google -- android
An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability-specific details which limit the impact of the issue. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32068683. References: QC-CR#1103788. | 2017-04-07 | not yet calculated | CVE-2017-0583
CONFIRM
google -- android
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34469904. References: B-RB#91539. | 2017-04-07 | not yet calculated | CVE-2017-0573
CONFIRM
google -- android
An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406. | 2017-04-07 | not yet calculated | CVE-2017-0578
CONFIRM
google -- android
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588. | 2017-04-07 | not yet calculated | CVE-2017-0538
CONFIRM
CONFIRM
google -- android
An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089. | 2017-04-07 | not yet calculated | CVE-2017-0576
CONFIRM
google -- android
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406. | 2017-04-07 | not yet calculated | CVE-2017-0579
CONFIRM
google -- android
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34624457. References: B-RB#113189. | 2017-04-07 | not yet calculated | CVE-2017-0574
CONFIRM
google -- android
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953. | 2017-04-07 | not yet calculated | CVE-2017-0585
CONFIRM
google -- android
An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079. | 2017-04-07 | not yet calculated | CVE-2017-0560
CONFIRM
google -- android
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569. | 2017-04-07 | not yet calculated | CVE-2017-0586
CONFIRM
google -- android
An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485. | 2017-04-07 | not yet calculated | CVE-2017-0581
CONFIRM
google -- android
An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836. | 2017-04-07 | not yet calculated | CVE-2017-0582
CONFIRM
hangzhou-xiongmai -- uc_httpd
XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request. | 2017-04-07 | not yet calculated | CVE-2017-7577
MISC
helpdezk -- helpdezk
HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges. | 2017-04-05 | not yet calculated | CVE-2017-7446
MISC
BID
MISC
helpdezk -- helpdezk
HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code. | 2017-04-05 | not yet calculated | CVE-2017-7447
MISC
MISC
horde -- horde_groupware_webmail_edition
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address. | 2017-04-04 | not yet calculated | CVE-2017-7413
CONFIRM
horde -- horde_groupware_webmail_edition
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it. | 2017-04-04 | not yet calculated | CVE-2017-7414
CONFIRM
huawei -- V200R001C0_software
Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions; S7700, S9300, S9300E, S9700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions could allow remote attackers to send a special SSH packet to the VRP device to cause a denial of service. | 2017-04-02 | not yet calculated | CVE-2014-8572
CONFIRM
huawei -- cloud_engine_software
Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could allow the attacker to exploit a buffer overflow vulnerability by sending crafted packets to the affected system to cause a main control board reboot. | 2017-04-02 | not yet calculated | CVE-2016-8790
CONFIRM
BID
huawei -- e3272s_software
Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack.
2017-04-02 | not yet calculated | CVE-2015-7847
CONFIRM
huawei -- honor_software
Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.
2017-04-02 | not yet calculated | CVE-2016-8768
CONFIRM
BID
huawei -- mate_8_software
The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366; and P9 phones with software Versions before EVA-AL10C00B190, Versions before EVA-DL10C00B190, Versions before EVA-TL10C00B190, Versions before EVA-CL10C00B190 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow.
2017-04-02 | not yet calculated | CVE-2016-8774
CONFIRM
BID
huawei -- p9_software
ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from uninitialized memory.
2017-04-02 | not yet calculated | CVE-2016-8757
CONFIRM
BID
huawei -- p9_software
Huawei P9 phones with software EVA-AL10C00, EVA-CL10C00, EVA-DL10C00, EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account.
2017-04-02 | not yet calculated | CVE-2016-8776
CONFIRM
BID
huawei -- router_software
Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software V200R008C00, V200R007C00; S7700 with software V200R008C00, V200R007C00, V200R006C00; S9300 with software V200R008C00, V200R007C00, V200R006C00; and S9700 with software V200R008C00, V200R007C00, V200R006C00 allow remote attackers to send abnormal Multiprotocol Label Switching (MPLS) packets to cause memory exhaustion.
2017-04-02 | not yet calculated | CVE-2016-8797
CONFIRM
huawei -- switch_software
Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets.
2017-04-02 | not yet calculated | CVE-2016-8773
CONFIRM
BID
huawei -- switch_software
Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege escalation.
2017-04-02 | not yet calculated | CVE-2016-2404
CONFIRM
huawei -- utps
Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed.
2017-04-02 | not yet calculated | CVE-2016-8769
CONFIRM
MISC
BID
huawei -- v200r_software
Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping.
2017-04-02 | not yet calculated | CVE-2014-8570
CONFIRM
ibm -- atlas_policy_suite
IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3, are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000771.
2017-04-05 | not yet calculated | CVE-2016-6100
CONFIRM
BID
ibm -- cognos_analytics
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887.
2017-04-05 | not yet calculated | CVE-2016-3031
CONFIRM
BID
ibm -- cognos_analytics
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887.
2017-04-05 | not yet calculated | CVE-2016-3015
CONFIRM
BID
ibm -- tririga_document_manager
The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084.
2017-04-05 | not yet calculated | CVE-2017-1180
CONFIRM
BID
ibootbar -- dataprobe
Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.
2017-04-07 | not yet calculated | CVE-2007-6760
MISC
ibootbar -- dataprobe
Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.
2017-04-07 | not yet calculated | CVE-2007-6759
MISC
ilias -- ilias
ILIAS before 5.2.3 has XSS via SVG documents.
2017-04-07 | not yet calculated | CVE-2017-7583
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.
2017-04-05 | not yet calculated | CVE-2014-9829
MLIST
CONFIRM
CONFIRM
intel -- hardware_accelerated_execution_manager
Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access.
2017-04-04 | not yet calculated | CVE-2017-5683
CONFIRM
intel -- intel_compute_stick
The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.
2017-04-03 | not yet calculated | CVE-2017-5684
CONFIRM
intel -- next_unit_of_computing
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow an attacker with physical access to the system to gain access to personal information.
2017-04-03 | not yet calculated | CVE-2017-5685
BID
CONFIRM
intel -- next_unit_of_computing
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow an attacker with physical access to the system to gain access to personal information.
2017-04-03 | not yet calculated | CVE-2017-5686
CONFIRM
jensen_of_scandinavia -- air_link
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to read passwords via a direct request to the x.asp page.
2017-04-03 | not yet calculated | CVE-2016-10314
MISC
jensen_of_scandinavia -- air_link
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/* pages.
2017-04-03 | not yet calculated | CVE-2016-10315
MISC
jensen_of_scandinavia -- air_link
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to /goform/formLogout.
2017-04-03 | not yet calculated | CVE-2016-10316
MISC
jensen_of_scandinavia -- air_link
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages.
2017-04-03 | not yet calculated | CVE-2016-10312
MISC
jensen_of_scandinavia -- air_link
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct CSRF attacks via certain /goform/* pages.
2017-04-03 | not yet calculated | CVE-2016-10313
MISC
lg -- cistron
lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.
2017-04-03 | not yet calculated | CVE-2014-3930
MISC
MISC
lg -- cougar
The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys.
2017-04-03 | not yet calculated | CVE-2014-3929
MISC
CONFIRM
MISC
lg -- cougar
Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.
2017-04-03 | not yet calculated | CVE-2014-3928
MISC
CONFIRM
MISC
libming -- libming
Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831.
2017-04-07 | not yet calculated | CVE-2017-7578
CONFIRM
libsndfile -- libsndfile
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
2017-04-07 | not yet calculated | CVE-2017-7585
CONFIRM
CONFIRM
CONFIRM
MISC
libsndfile -- libsndfile
In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
2017-04-07 | not yet calculated | CVE-2017-7586
CONFIRM
CONFIRM
CONFIRM
CONFIRM
libxslt -- libxslt
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
2017-04-05 | not yet calculated | CVE-2015-9019
MISC
MISC
lightdm -- lightdm
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
2017-04-05 | not yet calculated | CVE-2017-7358
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
2017-04-04 | not yet calculated | CVE-2016-10229
CONFIRM
CONFIRM
BID
CONFIRM
linux -- linux_kernel
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
2017-04-04 | not yet calculated | CVE-2014-9922
CONFIRM
CONFIRM
BID
CONFIRM
linux -- linux_kernel
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
2017-04-05 | not yet calculated | CVE-2017-2671
MLIST
BID
CONFIRM
MISC
CONFIRM
MISC
linux -- linux_kernel
A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service.
2017-04-04 | not yet calculated | CVE-2016-10318
CONFIRM
CONFIRM
BID
CONFIRM
little_snitch -- little_snitch
Little Snitch versions 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
2017-04-06 | not yet calculated | CVE-2017-2675
CONFIRM
magento -- news_module
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
2017-04-07 | not yet calculated | CVE-2017-7581
MISC
mrlg4php -- mrlg4php
mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.
2017-04-03 | not yet calculated | CVE-2014-3927
MISC
CONFIRM
MISC
mybb -- mybb
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
2017-04-06 | not yet calculated | CVE-2017-7566
BID
CONFIRM
CONFIRM
MISC
nextcloud -- server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.
2017-04-05 | not yet calculated | CVE-2017-0888
MISC
CONFIRM
nextcloud -- server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.
2017-04-05 | not yet calculated | CVE-2017-0886
MISC
CONFIRM
nextcloud -- server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota, thus using more space than allowed by the administrator.
2017-04-05 | not yet calculated | CVE-2017-0887
MISC
CONFIRM
nextcloud -- server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.
2017-04-05 | not yet calculated | CVE-2017-0884
MISC
CONFIRM
nextcloud -- server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for.
2017-04-05 | not yet calculated | CVE-2017-0883
MISC
CONFIRM
nextcloud -- server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from an error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages.
2017-04-05 | not yet calculated | CVE-2017-0885
MISC
CONFIRM
nix -- nixos
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.
2017-04-03 | not yet calculated | CVE-2017-7412
CONFIRM
CONFIRM
CONFIRM
opendaylight -- opendaylight
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection."
2017-04-04 | not yet calculated | CVE-2015-1611
MISC
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
opendaylight -- opendaylight
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."
2017-04-04 | not yet calculated | CVE-2015-1612
MISC
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
openstack -- horizon
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
2017-04-03 | not yet calculated | CVE-2017-7400
BID
CONFIRM
phpmyfaq -- phpmyfaq
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
2017-04-07 | not yet calculated | CVE-2017-7579
CONFIRM
CONFIRM
pivotx -- pivotx
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.
2017-04-07 | not yet calculated | CVE-2017-7570
MISC
pixie -- pixie
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.
2017-04-03 | not yet calculated | CVE-2017-7402
MISC
podofo -- podofo
The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
2017-04-03 | not yet calculated | CVE-2017-7380
BID
MISC
podofo -- podofo
The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
2017-04-03 | not yet calculated | CVE-2017-7383
BID
MISC
podofo -- podofo
The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
2017-04-03 | not yet calculated | CVE-2017-7382
BID
MISC
proftpd -- proftpd
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.
2017-04-04 | not yet calculated | CVE-2017-7418
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
pulp_project -- pulp
Pulp before 2.3.0 uses the same certificate authority key and certificate for all installations.
2017-04-03 | not yet calculated | CVE-2013-7450
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
qualcomm -- qualcomm_innovation_center
The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket.
2017-04-04 | not yet calculated | CVE-2016-5870
BID
CONFIRM
CONFIRM
qualcomm -- qualcomm_secure_execution_environment
The high level operating system (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qualcomm Secure Execution Environment (QSEE) only write to legitimate memory ranges related to the QSEE secure application's HLOS client.
2017-04-06 | not yet calculated | CVE-2016-5349
BID
CONFIRM
CONFIRM
CONFIRM
radare -- radare2
The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
2017-04-03 | not yet calculated | CVE-2017-6194
BID
CONFIRM
CONFIRM
radare -- radare2
The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.
2017-04-03 | not yet calculated | CVE-2017-6448
BID
CONFIRM
CONFIRM
riverbed -- riverbed_optimization_system
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks.
2017-04-04 | not yet calculated | CVE-2017-5670
MISC
BID
MISC
riverbed -- riverbed_optimization_system
Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file.
2017-04-04 | not yet calculated | CVE-2017-7307
MISC
MISC
rogue_wave -- jviews
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.
2017-04-06 | not yet calculated | CVE-2015-8965
CONFIRM
ruby -- ruby
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
2017-04-03 | not yet calculated | CVE-2017-6181
BID
CONFIRM
CONFIRM
schneider_electric -- conext_combox
An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.
2017-04-07 | not yet calculated | CVE-2017-6019
CONFIRM
MISC
schneider_electric -- interactive_graphical_scada_system_software
A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path.
2017-04-07 | not yet calculated | CVE-2017-6033
CONFIRM
MISC
schneider_electric -- modicon
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded.
2017-04-06 | not yet calculated | CVE-2017-7575
MISC
schneider_electric -- somachine_basic
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product.
2017-04-06 | not yet calculated | CVE-2017-7574
MISC
sophos -- cyberoam
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.
2017-04-07 | not yet calculated | CVE-2016-7786
MISC
spiceworks -- spiceworks
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
2017-04-06 | not yet calculated | CVE-2017-7237
MISC
MISC
EXPLOIT-DB
splunkbase -- splunk_hadoop_connect_app
Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041.
2017-04-06 | not yet calculated | CVE-2017-7565
CONFIRM
starscream -- starscream
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
2017-04-06 | not yet calculated | CVE-2017-7192
CONFIRM
CONFIRM
starscream -- starscream
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).
2017-04-06 | not yet calculated | CVE-2017-5887
CONFIRM
CONFIRM
technicolor -- tc7200_firmware
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
2017-04-03 | not yet calculated | CVE-2014-1677
FULLDISC
EXPLOIT-DB
BUGTRAQ
XF
MISC
textract -- textract
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files.
2017-04-06 | not yet calculated | CVE-2016-10320
MISC
tool_writeout.c -- tool_writeout.c
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.
2017-04-03 | not yet calculated | CVE-2017-7407
MISC
trend_micro -- interscan_web_security_virtual_appliance
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that allows any authenticated, remote user (even with low privileges like 'Auditor') to create or modify reports, and consequently take advantage of this XSS vulnerability. The JavaScript is executed when victims visit reports or auditlog pages.
2017-04-05 | not yet calculated | CVE-2017-6340
MISC
MISC
trend_micro -- interscan_web_security_virtual_appliance
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase.
2017-04-05 | not yet calculated | CVE-2017-6339
MISC
MISC
trend_micro -- interscan_web_security_virtual_appliance
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
2017-04-05 | not yet calculated | CVE-2017-6338
BID
MISC
MISC
tryton -- tryton
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
2017-04-04 | not yet calculated | CVE-2017-0360
CONFIRM
CONFIRM
vbulletin -- vbulletin
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.
2017-04-06 | not yet calculated | CVE-2017-7569
CONFIRM
veritas -- veritas_system_recovery
In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.
2017-04-05 | not yet calculated | CVE-2017-7444
BID
CONFIRM
websitebaker -- websitebaker
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
2017-04-03 | not yet calculated | CVE-2017-7410
CONFIRM
CONFIRM

wordpress -- wordpress
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.
Published: 2017-04-02 | CVSS Score: not yet calculated | CVE-2017-1001000
MLIST
MISC
MISC
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM

xen_project -- xen
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.
Published: 2017-04-04 | CVSS Score: not yet calculated | CVE-2017-7228
CONFIRM
BID
CONFIRM
MISC

yaml -- yaml
The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
Published: 2017-04-03 | CVSS Score: not yet calculated | CVE-2017-5950
BID
MISC

yara -- yara
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.
Published: 2017-04-03 | CVSS Score: not yet calculated | CVE-2017-5923
CONFIRM
CONFIRM

yara -- yara
libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.
Published: 2017-04-03 | CVSS Score: not yet calculated | CVE-2016-10210
CONFIRM
CONFIRM

yara -- yara
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.
Published: 2017-04-03 | CVSS Score: not yet calculated | CVE-2017-5924
CONFIRM
CONFIRM

yara -- yara
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.
Published: 2017-04-03 | CVSS Score: not yet calculated | CVE-2016-10211
CONFIRM
CONFIRM

zyxel -- emg2926_router_firmware
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.
Published: 2017-04-06 | CVSS Score: not yet calculated | CVE-2017-6884
EXPLOIT-DB



US-CERT

Cisco Releases Security Updates

Original release date: April 06, 2017

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:



US-CERT

Apple Releases Security Update for iOS

Original release date: April 03, 2017

Apple has released a security update to address a vulnerability in iOS. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Apple security page for iOS and apply the necessary update.



US-CERT

SB17-093: Vulnerability Summary for the Week of March 27, 2017

Original release date: April 03, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

allwinnertech -- linux-3.4-sunxi
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
Published: 2017-03-27 | CVSS Score: 7.2 | CVE-2016-10225
MLIST
MLIST
BID
CONFIRM
MISC
MISC

apache -- camel
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.
Published: 2017-03-28 | CVSS Score: 7.5 | CVE-2016-8749
CONFIRM
BID

apache -- poi
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Published: 2017-03-24 | CVSS Score: 7.1 | CVE-2017-5644
CONFIRM
BID

artifex -- mujs
Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions.
Published: 2017-03-24 | CVSS Score: 7.5 | CVE-2016-10133
CONFIRM
MLIST
MLIST
CONFIRM
FEDORA

eviewgps -- ev-07s_gps_tracker_firmware
Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"
Published: 2017-03-27 | CVSS Score: 7.8 | CVE-2017-5237
BID
MISC

gnu -- gnutls
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
Published: 2017-03-24 | CVSS Score: 7.5 | CVE-2017-5334
SUSE
MLIST
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
GENTOO

gnu -- gnutls
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
Published: 2017-03-24 | CVSS Score: 7.5 | CVE-2017-5336
SUSE
MLIST
MLIST
BID
SECTRACK
MISC
CONFIRM
CONFIRM
GENTOO

gnu -- gnutls
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
Published: 2017-03-24 | CVSS Score: 7.5 | CVE-2017-5337
SUSE
MLIST
MLIST
BID
SECTRACK
MISC
MISC
CONFIRM
CONFIRM
GENTOO

hesiod_project -- hesiod
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
Published: 2017-03-28 | CVSS Score: 10.0 | CVE-2016-10152
MLIST
BID
CONFIRM
CONFIRM

huawei -- ar3200_firmware
Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet.
Published: 2017-03-24 | CVSS Score: 10.0 | CVE-2016-6206
CONFIRM
BID

huawei -- mate_s_firmware
The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows remote attackers to cause a denial of service (crash) via a crafted application.
Published: 2017-03-24 | CVSS Score: 7.1 | CVE-2015-8678
CONFIRM

imagemagick -- imagemagick
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
Published: 2017-03-24 | CVSS Score: 7.5 | CVE-2016-10144
MLIST
MLIST
BID
CONFIRM
CONFIRM

imagemagick -- imagemagick
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
Published: 2017-03-24 | CVSS Score: 7.5 | CVE-2016-10145
MLIST
MLIST
BID
CONFIRM
CONFIRM

imagemagick -- imagemagick
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
Published: 2017-03-24 | CVSS Score: 7.8 | CVE-2016-10146
MLIST
MLIST
BID
CONFIRM
CONFIRM

imagemagick -- imagemagick
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
Published: 2017-03-24 | CVSS Score: 7.8 | CVE-2017-5507
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
Published: 2017-03-24 | CVSS Score: 7.5 | CVE-2017-5511
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

intelliants -- subrion_cms
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
Published: 2017-03-26 | CVSS Score: 7.5 | CVE-2017-6013
BID
MISC

irssi -- irssi
The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors.
Published: 2017-03-27 | CVSS Score: 7.5 | CVE-2017-7191
BID
CONFIRM
CONFIRM

libgit2_project -- libgit2
Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.
Published: 2017-03-24 | CVSS Score: 7.5 | CVE-2016-10128
SUSE
SUSE
SUSE
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM

linux -- linux_kernel
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.
Published: 2017-03-28 | CVSS Score: 7.2 | CVE-2017-7294
BID
MISC
MISC

linux -- linux_kernel
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls.
Published: 2017-03-29 | CVSS Score: 7.2 | CVE-2017-7308
BID
CONFIRM

microsoft -- iis
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
Published: 2017-03-26 | CVSS Score: 10.0 | CVE-2017-7269
BID
MISC
MISC
MISC
MISC

modx -- modx_revolution
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
Published: 2017-03-30 | CVSS Score: 7.5 | CVE-2017-7321
BID
MISC

modx -- modx_revolution
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.
Published: 2017-03-30 | CVSS Score: 7.5 | CVE-2017-7324
BID
MISC

moodle -- moodle
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
Published: 2017-03-26 | CVSS Score: 7.5 | CVE-2017-2641
BID
CONFIRM

openbsd -- openbsd
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
Published: 2017-03-27 | CVSS Score: 7.8 | CVE-2017-5850
MLIST
MISC
FULLDISC
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
MISC
EXPLOIT-DB

putty -- putty
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.
Published: 2017-03-27 | CVSS Score: 7.5 | CVE-2017-6542
SUSE
CONFIRM
BID
CONFIRM
GENTOO

qemu -- qemu
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
Published: 2017-03-24 | CVSS Score: 10.0 | CVE-2015-8556
MISC
GENTOO
EXPLOIT-DB

qemu -- qemu
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow.
Published: 2017-03-27 | CVSS Score: 7.2 | CVE-2017-5931
CONFIRM
MLIST
BID
CONFIRM
MLIST

revive-adserver -- revive_adserver
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session.
Published: 2017-03-27 | CVSS Score: 7.5 | CVE-2016-9125
MISC
MISC
MISC
MISC

revive-adserver -- revive_adserver
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.
Published: 2017-03-27 | CVSS Score: 9.3 | CVE-2016-9470
MISC
MISC

solarwinds -- log_and_event_manager
SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh.
Published: 2017-03-24 | CVSS Score: 7.2 | CVE-2017-5198
MISC
BID

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

amd -- ryzen
The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite.
Published: 2017-03-24 | CVSS Score: 4.9 | CVE-2017-7262
MISC
MISC
BID
MISC
MISC

artifex -- mupdf
Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.
Published: 2017-03-26 | CVSS Score: 6.8 | CVE-2017-7264
MISC
BID
MISC

brave -- browser
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.
Published: 2017-03-27 | CVSS Score: 4.3 | CVE-2016-9473
BID
MISC
MISC
MISC

broadcom -- bcm4339_soc_firmware
Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156).
Published: 2017-03-27 | CVSS Score: 6.8 | CVE-2017-6957
MISC
BID
MISC

call-cc -- chicken
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).
Published: 2017-03-29 | CVSS Score: 5.0 | CVE-2015-4556
MLIST
MLIST
MLIST
CONFIRM

canonical -- ubuntu_core
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic.
Published: 2017-03-24 | CVSS Score: 4.3 | CVE-2017-6507
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM

clusterlabs -- pacemaker
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
Published: 2017-03-24 | CVSS Score: 5.0 | CVE-2016-7797
CONFIRM
SUSE
SUSE
SUSE
REDHAT
MLIST
BID
CONFIRM

debian -- debian_linux
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
Published: 2017-03-24 | CVSS Score: 5.0 | CVE-2016-10149
DEBIAN
MLIST
CONFIRM
CONFIRM
MISC
CONFIRM

dotcms -- dotcms
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
Published: 2017-03-26 | CVSS Score: 4.3 | CVE-2017-6003
BID
MISC

eclipse -- tinydtls
Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake.
Published: 2017-03-24 | CVSS Score: 5.0 | CVE-2017-7243
BID
MISC
MISC

eonweb_project -- eonweb
EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php.
Published: 2017-03-24 | CVSS Score: 6.5 | CVE-2017-6087
MLIST
BID
CONFIRM

eviewgps -- ev-07s_gps_tracker_firmware
Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field.
Published: 2017-03-27 | CVSS Score: 5.0 | CVE-2017-5238
BID
MISC

eviewgps -- ev-07s_gps_tracker_firmware
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener.
Published: 2017-03-27 | CVSS Score: 5.0 | CVE-2017-5239
BID
MISC

exfat_prokect -- exfat
Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem.
Published: 2017-03-27 | CVSS Score: 6.8 | CVE-2015-8026
MLIST
BID
MISC
CONFIRM
CONFIRM
GENTOO

extraputty -- extraputty
The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
Published: 2017-03-27 | CVSS Score: 5.0 | CVE-2017-7183
MISC
BUGTRAQ
BID

f5 -- big-ip_webaccelerator
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors.
Published: 2017-03-27 | CVSS Score: 5.0 | CVE-2016-9252
CONFIRM

fedoraproject -- fedora
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.
Published: 2017-03-24 | CVSS Score: 5.0 | CVE-2016-10132
CONFIRM
MLIST
MLIST
CONFIRM
FEDORA

fedoraproject -- fedora
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
Published: 2017-03-28 | CVSS Score: 4.3 | CVE-2016-8884
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
FEDORA
FEDORA

fedoraproject -- fedora
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
Published: 2017-03-27 | CVSS Score: 6.8 | CVE-2017-5330
MLIST
BID
CONFIRM
CONFIRM
FEDORA
GENTOO

firebirdsql -- firebird
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
Published: 2017-03-24 | CVSS Score: 6.5 | CVE-2017-6369
CONFIRM
BID

fomori -- cherrymusic
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
Published: 2017-03-27 | CVSS Score: 4.0 | CVE-2015-8309
CONFIRM
BID
CONFIRM
CONFIRM
EXPLOIT-DB

freeradius -- freeradius
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
Published: 2017-03-27 | CVSS Score: 4.3 | CVE-2015-8762
CONFIRM
MLIST

freeradius -- freeradius
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
Published: 2017-03-27 | CVSS Score: 6.8 | CVE-2015-8763
CONFIRM
MLIST

freeradius -- freeradius
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
Published: 2017-03-27 | CVSS Score: 6.8 | CVE-2015-8764
CONFIRM
MLIST

getsymphony -- symphony_cms
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
Published: 2017-03-26 | CVSS Score: 4.3 | CVE-2017-6067
BID
MISC

gnu -- bash
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
Published: 2017-03-27 | CVSS Score: 4.6 | CVE-2017-5932
CONFIRM
MLIST
BID
MLIST

gnu -- binutils
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.
Published: 2017-03-29 | CVSS Score: 4.3 | CVE-2017-7299
BID
CONFIRM

gnu -- binutils
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.
Published: 2017-03-29 | CVSS Score: 5.0 | CVE-2017-7300
BID
CONFIRM

gnu -- binutils
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.
Published: 2017-03-29 | CVSS Score: 5.0 | CVE-2017-7301
BID
CONFIRM

gnu -- binutils
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.
Published: 2017-03-29 | CVSS Score: 5.0 | CVE-2017-7302
BID
CONFIRM

gnu -- binutils
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.
Published: 2017-03-29 | CVSS Score: 5.0 | CVE-2017-7303
BID
CONFIRM

gnu -- binutils
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.
Published: 2017-03-29 | CVSS Score: 5.0 | CVE-2017-7304
BID
CONFIRM

gnu -- gnutls
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
Published: 2017-03-24 | CVSS Score: 5.0 | CVE-2017-5335
SUSE
MLIST
MLIST
BID
SECTRACK
MISC
CONFIRM
CONFIRM
GENTOO

go-jose_project -- go-jose
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack.
Published: 2017-03-27 | CVSS Score: 6.4 | CVE-2016-9121
MISC
MISC
MISC

go-jose_project -- go-jose
go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the library might mistakenly read protected header values from an attached signature that was different from the one originally validated.
Published: 2017-03-27 | CVSS Score: 5.0 | CVE-2016-9122
MISC
MISC
MISC

go-jose_project -- go-jose
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.
Published: 2017-03-27 | CVSS Score: 5.0 | CVE-2016-9123
MISC
MISC
MISC

ibm -- cognos_business_intelligence
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718.
Published: 2017-03-27 | CVSS Score: 6.5 | CVE-2016-8960
CONFIRM
BID

ibm -- kenexa_lcms_premier
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874.
Published: 2017-03-27 | CVSS Score: 4.0 | CVE-2017-1142
CONFIRM
BID

ibm -- security_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359.
Published: 2017-03-27 | CVSS Score: 4.3 | CVE-2016-6102
CONFIRM
BID

ibm -- tririga_application_platform
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.
Published: 2017-03-27 | CVSS Score: 6.5 | CVE-2017-1153
CONFIRM
BID

ibm -- websphere_portal
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152.
Published: 2017-03-27 | CVSS Score: 4.3 | CVE-2017-1120
CONFIRM
BID

imagemagick -- imagemagick
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
Published: 2017-03-24 | CVSS Score: 6.8 | CVE-2017-5506
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
Published: 2017-03-24 | CVSS Score: 4.3 | CVE-2017-5508
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
Published: 2017-03-24 | CVSS Score: 6.8 | CVE-2017-5509
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
Published: 2017-03-24 | CVSS Score: 6.8 | CVE-2017-5510
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
Published: 2017-03-27 | CVSS Score: 4.3 | CVE-2017-7275
BID
MISC
MISC

intelliants -- subrion_cms
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.
Published: 2017-03-26 | CVSS Score: 6.8 | CVE-2017-6002
MISC

intelliants -- subrion_cms
Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter.
Published: 2017-03-26 | CVSS Score: 6.8 | CVE-2017-6066
BID
MISC

intelliants -- subrion_cms
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.
Published: 2017-03-26 | CVSS Score: 6.8 | CVE-2017-6068
BID
MISC

intelliants -- subrion_cms
Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter.
Published: 2017-03-26 | CVSS Score: 6.8 | CVE-2017-6069
BID
MISC

libgit2_project -- libgit2
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
Published: 2017-03-24 | CVSS Score: 5.0 | CVE-2016-10129
SUSE
SUSE
SUSE
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM

libgit2_project -- libgit2
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
Published: 2017-03-24 | CVSS Score: 4.3 | CVE-2016-10130
SUSE
SUSE
SUSE
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM

libtiff -- libtiff
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.
Published: 2017-03-24 | CVSS Score: 4.3 | CVE-2016-10266
BID
MISC
MISC

libtiff -- libtiff
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.
Published: 2017-03-24 | CVSS Score: 4.3 | CVE-2016-10267
BID
MISC
MISC

libtiff -- libtiff
tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.
Published: 2017-03-24 | CVSS Score: 6.8 | CVE-2016-10268
BID
MISC
MISC

libtiff -- libtiff
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2.
Published: 2017-03-24 | CVSS Score: 6.8 | CVE-2016-10269
BID
MISC
MISC

libtiff -- libtiff
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22.
Published: 2017-03-24 | CVSS Score: 6.8 | CVE-2016-10270
BID
MISC
MISC

libtiff -- libtiff
tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.
Published: 2017-03-24 | CVSS Score: 6.8 | CVE-2016-10271
BID
MISC
MISClibtiff -- libtiffLibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.2017-03-246.8CVE-2016-10272
BID
MISC
MISClinux -- linux_kernelThe vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.2017-03-244.9CVE-2017-7261
MISC
BID
MISC
MISClinux -- linux_kernelThe TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.2017-03-286.6CVE-2017-7277
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRMmiele_professional -- pst10_webserverAn issue was discovered on Miele Professional PG 8528 PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1.2017-03-245.0CVE-2017-7240
MISC
BIDmodx -- modx_revolutionsetup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value.2017-03-304.3CVE-2017-7320
BID
MISCmodx -- modx_revolutionThe (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate.2017-03-306.8CVE-2017-7322
BID
MISCmodx -- modx_revolutionThe (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism.2017-03-306.8CVE-2017-7323
BID
MISCmoodle -- moodleIn Moodle 3.2.x, global search displays user names for unauthenticated users.2017-03-265.0CVE-2017-2643
BID
CONFIRMmoodle -- moodleIn Moodle 3.x, XSS can occur via evidence of prior learning.2017-03-264.3CVE-2017-2644
BID
CONFIRMmoodle -- moodleIn Moodle 3.x, XSS can occur via attachments to evidence of prior learning.2017-03-264.3CVE-2017-2645
BID
CONFIRMnetflix -- security_monkeyNetflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.2017-03-265.8CVE-2017-7266
BID
CONFIRM
CONFIRM
CONFIRMnextcloud -- nextcloudNextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.2017-03-275.0CVE-2016-9460
MISC
MISC
MISC
MISC
MISC
MISC
MISCnextcloud -- nextcloudNextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group.2017-03-274.0CVE-2016-9464
MISC
MISC
MISC
MISC
MISC
MISCnextcloud -- nextcloudNextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.2017-03-275.0CVE-2016-9467
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCnextcloud -- nextcloudNextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.2017-03-275.0CVE-2016-9468
MISC
MISC
MISC
MISC
MISC
MISC
MISCntp -- ntpThe mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.2017-03-274.6CVE-2017-6451
CONFIRM
CONFIRM
BID
SECTRACKntp -- ntpStack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.2017-03-274.6CVE-2017-6452
CONFIRM
CONFIRM
BID
SECTRACKntp -- ntpNTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.2017-03-274.4CVE-2017-6455
CONFIRM
CONFIRM
BID
SECTRACKntp -- ntpMultiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.2017-03-276.5CVE-2017-6458
CONFIRM
CONFIRM
BID
SECTRACKntp -- ntpStack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.2017-03-276.5CVE-2017-6460
CONFIRM
CONFIRM
BID
SECTRACKntp -- ntpBuffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.2017-03-274.6CVE-2017-6462
CONFIRM
CONFIRM
BID
SECTRACKntp -- ntpNTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.2017-03-274.0CVE-2017-6463
CONFIRM
CONFIRM
BID
SECTRACKntp -- ntpNTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.2017-03-274.0CVE-2017-6464
CONFIRM
CONFIRM
BID
SECTRACKnuxeo -- nuxeoDirectory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.2017-03-246.5CVE-2017-5869
MLIST
BIDopenslp -- openslpThe _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.2017-03-275.0CVE-2016-4912
MLIST
SECTRACK
CONFIRMopensuse_project -- leapCross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.2017-03-274.3CVE-2015-8010
SUSE
MLIST
MLIST
BID
CONFIRMowncloud -- owncloudNextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed.2017-03-274.3CVE-2016-9459
MISC
MISC
MISC
MISC
MISC
MISC
MISCowncloud -- owncloudNextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.2017-03-274.0CVE-2016-9461
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCowncloud -- owncloudNextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions.2017-03-274.0CVE-2016-9462
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCowncloud -- owncloudNextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.2017-03-276.8CVE-2016-9463
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCowncloud -- owncloudNextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability.2017-03-274.3CVE-2016-9466
MISC
MISC
MISC
MISC
MISC
MISCphp -- phpPHP through 7.1.3 enables potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.2017-03-275.8CVE-2017-7272
BID
CONFIRM
CONFIRMpotrace_project -- potraceThe bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698.2017-03-266.8CVE-2017-7263
BID
MISCradare -- radare2The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.2017-03-274.3CVE-2017-7274
BID
CONFIRM
CONFIRMrevive-adserver -- revive_adserverRevive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress.2017-03-275.0CVE-2016-9124
MISC
MISC
MISCrevive-adserver -- revive_adserverRevive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed.2017-03-276.8CVE-2016-9127
MISC
MISC
MISCrevive-adserver -- revive_adserverRevive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.2017-03-275.0CVE-2016-9129
MISC
MISC
MISCrevive-adserver -- revive_adserverRevive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`.2017-03-276.8CVE-2016-9455
BID
MISC
MISC
MISCrevive-adserver -- revive_adserverRevive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed.2017-03-276.8CVE-2016-9456
BID
MISC
MISCs-nail_project -- s-nailDirectory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.2017-03-276.9CVE-2017-5899
MLIST
MLIST
BID
MLISTsiemens -- ruggedcom_rox_iSiemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information.2017-03-284.0CVE-2017-2686
BID
CONFIRMsiemens -- ruggedcom_rox_iSiemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link.2017-03-284.3CVE-2017-2687
BID
CONFIRMsiemens -- ruggedcom_rox_iThe integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF.2017-03-286.8CVE-2017-2688
BID
CONFIRMsiemens -- ruggedcom_rox_iSiemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings.2017-03-286.5CVE-2017-2689
BID
CONFIRMsolarwinds -- log_and_event_managerThe editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl.2017-03-246.5CVE-2017-5199
MISC
BIDuclibc-ng_project -- uclibc-ngThe __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply.2017-03-245.0CVE-2016-2224
CONFIRM
MLIST
MLIST
BID
CONFIRMuclibc-ng_project -- uclibc-ngThe __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet.2017-03-245.0CVE-2016-2225
CONFIRM
MLIST
MLIST
BID
CONFIRMyii_software -- yiiReflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen.2017-03-274.3CVE-2017-7271
BID
CONFIRMBack to top

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cmsmadesimple -- cms_made_simple | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack. | 2017-03-24 | 3.5 | CVE-2017-7255, MISC
cmsmadesimple -- cms_made_simple | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack. | 2017-03-24 | 3.5 | CVE-2017-7256, MISC, BID
cmsmadesimple -- cms_made_simple | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack. | 2017-03-24 | 3.5 | CVE-2017-7257, MISC, BID
f5 -- big-ip_webaccelerator | In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. | 2017-03-27 | 2.1 | CVE-2016-7474, BID, CONFIRM
fomori -- cherrymusic | Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist. | 2017-03-27 | 3.5 | CVE-2015-8310, CONFIRM, BID, CONFIRM, CONFIRM
ibm -- call_center_for_commerce | IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000442. | 2017-03-27 | 3.5 | CVE-2016-6056, CONFIRM, BID
ibm -- kenexa_lcms_premier | IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Reference #: 1998874. | 2017-03-27 | 3.5 | CVE-2017-1143, CONFIRM, BID
ibm -- tririga_application_platform | IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200. | 2017-03-27 | 3.5 | CVE-2016-9737, CONFIRM, BID
metinfo -- metinfo | Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php. | 2017-03-27 | 3.5 | CVE-2017-6878, MISC, FULLDISC, BID
miniupnp_project -- minisspd | The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value. | 2017-03-24 | 2.1 | CVE-2016-3178, MISC, MLIST, CONFIRM, CONFIRM
miniupnp_project -- minisspd | The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling. | 2017-03-24 | 2.1 | CVE-2016-3179, MISC, MLIST, CONFIRM, CONFIRM
moodle -- moodle | In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. | 2017-03-29 | 3.5 | CVE-2017-7298, MISC, BID
netcomm -- nb16wv-02_firmware | Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm. | 2017-03-29 | 3.5 | CVE-2017-5900, FULLDISC, BID
nextcloud -- nextcloud | Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack. | 2017-03-27 | 3.5 | CVE-2016-9465, MISC, MISC, MISC, MISC, MISC, MISC
ntp -- ntp | The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. | 2017-03-27 | 2.1 | CVE-2017-6459, CONFIRM, CONFIRM, BID, SECTRACK
oneplus -- oxygenos | With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information. | 2017-03-26 | 3.6 | CVE-2017-5622, BID, MISC
qemu -- qemu | The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. | 2017-03-27 | 2.1 | CVE-2016-9922, CONFIRM, MLIST, BID, CONFIRM, MLIST
qemu -- qemu | The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. | 2017-03-27 | 2.1 | CVE-2017-5973, CONFIRM, MLIST, BID, CONFIRM, MLIST
revive-adserver -- revive_adserver | Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account. | 2017-03-27 | 3.5 | CVE-2016-9126, MISC, MISC, MISC
revive-adserver -- revive_adserver | Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL. | 2017-03-27 | 3.5 | CVE-2016-9128, MISC, MISC, MISC, MISC
revive-adserver -- revive_adserver | Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script. | 2017-03-27 | 3.5 | CVE-2016-9130, MISC, MISC
revive-adserver -- revive_adserver | Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages. | 2017-03-27 | 3.5 | CVE-2016-9454, BID, MISC, MISC
revive-adserver -- revive_adserver | Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others. | 2017-03-27 | 3.5 | CVE-2016-9457, BID, MISC, MISC, MISC
revive-adserver -- revive_adserver | Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver. | 2017-03-27 | 2.1 | CVE-2016-9471, MISC, MISC
revive-adserver -- revive_adserver | Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective. | 2017-03-27 | 3.5 | CVE-2016-9472, MISC, MISC, MISC
siemens -- ruggedcom_rox_i | The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. | 2017-03-28 | 3.5 | CVE-2017-6864, BID, CONFIRM

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- acrobat_reader | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution. | 2017-03-31 | not yet calculated | CVE-2017-3010, CONFIRM
adobe -- acrobat_reader | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure. | 2017-03-31 | not yet calculated | CVE-2017-3009, CONFIRM
apache -- ambari | Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process. | 2017-03-28 | not yet calculated | CVE-2016-6807, BID, CONFIRM
apache -- ambari | Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. | 2017-03-29 | not yet calculated | CVE-2016-4976, BID, CONFIRM
apache -- ambari | The certificate signing REST API in Apache Ambari before 2.4.0 allows remote attackers to execute arbitrary code via shell metacharacters in the agentHostname value. | 2017-03-29 | not yet calculated | CVE-2014-3582, CONFIRM, MISC
apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Phone" component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app. | 2017-04-01 | not yet calculated | CVE-2017-2484, CONFIRM
apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP. | 2017-04-01 | not yet calculated | CVE-2017-2412, CONFIRM
apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support. | 2017-04-01 | not yet calculated | CVE-2017-2380, CONFIRM
apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address. | 2017-04-01 | not yet calculated | CVE-2017-2414, CONFIRM
apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Accounts" component. It allows physically proximate attackers to discover an Apple ID by reading an iCloud authentication prompt on the lock screen. | 2017-04-01 | not yet calculated | CVE-2017-2397, CONFIRM
apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode. | 2017-04-01 | not yet calculated | CVE-2017-2384, CONFIRM
apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to read text messages on the lock screen via unspecified vectors. | 2017-04-01 | not yet calculated | CVE-2017-2452, CONFIRM
apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2389, CONFIRM, CONFIRM
apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Safari Reader" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2393, CONFIRM
apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode). | 2017-04-01 | not yet calculated | CVE-2017-2399, CONFIRM
apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing. | 2017-04-01 | not yet calculated | CVE-2017-2400, CONFIRM
apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016. | 2017-04-01 | not yet calculated | CVE-2017-2404, CONFIRM, MISC
apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center. | 2017-04-01 | not yet calculated | CVE-2017-2434, CONFIRM
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL. | 2017-04-01 | not yet calculated | CVE-2017-2403, CONFIRM
apple -- macos_server | An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the "Wiki Server" component. It allows remote attackers to enumerate user accounts via unspecified vectors. | 2017-04-01 | not yet calculated | CVE-2017-2382, CONFIRM
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleGraphicsPowerManagement" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2421, CONFIRM
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "QuickTime" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted media file. | 2017-04-01 | not yet calculated | CVE-2017-2413, CONFIRM
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "CoreMedia" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .mov file. | 2017-04-01 | not yet calculated | CVE-2017-2431, CONFIRM
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2436, CONFIRM
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2422, CONFIRM
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2489, CONFIRM
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2427
CONFIRMapple -- macos
 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app.2017-04-01not yet calculatedCVE-2017-6974
CONFIRMapple -- macos
 An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-04-01not yet calculatedCVE-2017-2420
CONFIRMapple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2410 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "FinderKit" component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during an iCloud Sharing Send Link action. | 2017-04-01 | not yet calculated | CVE-2017-2429 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "SecurityFoundation" component. A double free vulnerability allows remote attackers to execute arbitrary code via a crafted certificate. | 2017-04-01 | not yet calculated | CVE-2017-2425 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file. | 2017-04-01 | not yet calculated | CVE-2017-2426 | MISC CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server. | 2017-04-01 | not yet calculated | CVE-2017-2381 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2017-04-01 | not yet calculated | CVE-2017-2477 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter. | 2017-04-01 | not yet calculated | CVE-2016-7585 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOATAFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2408 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2388 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained. | 2017-04-01 | not yet calculated | CVE-2017-2402 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Menus" component. It allows attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2409 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2449 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2017-04-01 | not yet calculated | CVE-2017-2437 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleRAID" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2438 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors. | 2017-04-01 | not yet calculated | CVE-2017-2418 | CONFIRM

apple -- macos
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2443 | CONFIRM

apple -- safari
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors. | 2017-04-01 | not yet calculated | CVE-2017-2385 | CONFIRM

apple -- safari
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2392 | CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2473 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2459 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2470 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middle attackers to track users via correlation with this certificate. | 2017-04-01 | not yet calculated | CVE-2017-2383 | CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. | 2017-04-01 | not yet calculated | CVE-2017-2462 | MISC CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2457 | CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2463 | MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2466 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2464 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2465 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Keyboards" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2458 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. | 2017-04-01 | not yet calculated | CVE-2017-2467 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion." | 2017-04-01 | not yet calculated | CVE-2017-2415 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2469 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2478 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2468 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2460 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2482 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message. | 2017-04-01 | not yet calculated | CVE-2017-2461 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2479 | CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | 2017-04-01 | not yet calculated | CVE-2017-2406 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2395 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2386 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory permissions via unspecified vectors. | 2017-04-01 | not yet calculated | CVE-2017-2390 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | 2017-04-01 | not yet calculated | CVE-2017-2407 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2396 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2480 | CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4. | 2017-04-01 | not yet calculated | CVE-2017-2391 | CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Carbon" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted .dfont file. | 2017-04-01 | not yet calculated | CVE-2017-2379 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2367 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions. | 2017-04-01 | not yet calculated | CVE-2017-2378 | CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2398 | CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2405 | CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state. | 2017-04-01 | not yet calculated | CVE-2017-2377 | CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2401 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page. | 2017-04-01 | not yet calculated | CVE-2017-2376 | CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2442 | CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2394 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2451 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | 2017-04-01 | not yet calculated | CVE-2017-2487 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2453 | CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "libc++abi" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted C++ app that is mishandled during demangling. | 2017-04-01 | not yet calculated | CVE-2017-2441 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2440 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2424 | CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature. | 2017-04-01 | not yet calculated | CVE-2017-2423 | CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2454 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2486 | CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | not yet calculated | CVE-2017-2490 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2447 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. | 2017-04-01 | not yet calculated | CVE-2017-2446 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects. | 2017-04-01 | not yet calculated | CVE-2017-2445 | CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | not yet calculated | CVE-2017-2444 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. | 2017-04-01 | not yet calculated | CVE-2017-2450 | CONFIRM CONFIRM CONFIRM CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets. | 2017-04-01 | not yet calculated | CVE-2017-2448 | CONFIRM CONFIRM CONFIRM

apple -- software
 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors.2017-04-01not yet calculatedCVE-2017-2419
CONFIRM
CONFIRMapple -- software
 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to cause a denial of service (infinite recursion) via a crafted image.2017-04-01not yet calculatedCVE-2017-2417
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
2017-04-01 not yet calculated CVE-2017-2472
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app.
2017-04-01 not yet calculated CVE-2017-2474
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
2017-04-01 not yet calculated CVE-2017-2483
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.
2017-04-01 not yet calculated CVE-2017-2471
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted X.509 certificate file.
2017-04-01 not yet calculated CVE-2017-2485
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
2017-04-01 not yet calculated CVE-2017-2476
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site.
2017-04-01 not yet calculated CVE-2017-2475
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
2017-04-01 not yet calculated CVE-2017-2456
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
2017-04-01 not yet calculated CVE-2017-2455
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.
2017-04-01 not yet calculated CVE-2017-2430
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors.
2017-04-01 not yet calculated CVE-2017-2428
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file.
2017-04-01 not yet calculated CVE-2017-2416
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.
2017-04-01 not yet calculated CVE-2017-2439
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.
2017-04-01 not yet calculated CVE-2017-2435
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.
2017-04-01 not yet calculated CVE-2017-2432
CONFIRM
CONFIRM
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
2017-04-01 not yet calculated CVE-2017-2433
CONFIRM
CONFIRM

apple -- software
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
2017-04-01 not yet calculated CVE-2017-2481
MISC
CONFIRM
CONFIRM
CONFIRM

auromeera -- emli_portal
HTTP exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an attacker to view restricted information or (even more seriously) execute powerful commands on the web server, which can lead to a full compromise of the system via Directory Path Traversal, as demonstrated by reading core-emli/Storage. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0.
2017-03-29 not yet calculated CVE-2017-7258
MISC

bubblewrap -- bubblewrap
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
2017-03-29 not yet calculated CVE-2017-5226
CONFIRM
CONFIRM
CONFIRM

ceragon -- fibeair
In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser.
2017-03-30 not yet calculated CVE-2016-10309
MISC

citymont_symetrie -- citymont_symetrie
citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter).
2017-03-31 not yet calculated CVE-2017-7386
CONFIRM

dahua -- ip_camera
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Log in to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login.
2017-03-30 not yet calculated CVE-2017-7253
MISC

emc -- isilon_onefs
EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1.
2017-03-29 not yet calculated CVE-2017-4980
CONFIRM
BID

emc -- rsa_archer_security_operations_management
EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system.
2017-03-29 not yet calculated CVE-2017-4977
CONFIRM
BID

fortinet -- fortigate
Long-lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPS engine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.
2017-03-30 not yet calculated CVE-2016-7541
CONFIRM
BID

fortinet -- fortios
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators' password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.
2017-03-30 not yet calculated CVE-2016-7542
CONFIRM
BID

gitlab -- gitlab
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1, 8.14.2, and 8.14.2-ee.
2017-03-27 not yet calculated CVE-2016-9469
MISC
MISC
MISC
MISC
MISC
MISC

gitlab -- gitlab
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.
2017-03-27 not yet calculated CVE-2017-0882
BID
MISC
MISC
MISC
MISC
MISC

hak5 -- wifi-pineapple
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
2017-03-31 not yet calculated CVE-2015-4624
MISC
MISC
BUGTRAQ
EXPLOIT-DB

hkdf -- hkdf
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
2017-03-27 not yet calculated CVE-2016-9243
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA

honeywell -- intermec
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.
2017-03-29 not yet calculated CVE-2017-5671
CONFIRM
BID
MISC
CONFIRM

ibm -- algorithmics_one-algo_risk_application
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892.
2017-03-31 not yet calculated CVE-2017-1154
CONFIRM

ibm -- curam_social_program_manager
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833.
2017-03-31 not yet calculated CVE-2016-6111
CONFIRM

ibm -- inotes
IBM iNotes 8.5 and 9.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824.
2017-03-31 not yet calculated CVE-2016-9990
CONFIRM

ibm -- jazz_foundation
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.
2017-03-31 not yet calculated CVE-2016-9707
CONFIRM

ibm -- kenexa
IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483.
2017-03-31 not yet calculated CVE-2016-8935
CONFIRM

ibm -- rational_quality_manager
IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.
2017-03-31 not yet calculated CVE-2016-6036
CONFIRM

ibm -- rational_quality_manager
IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.
2017-03-31 not yet calculated CVE-2016-6031
CONFIRM

ibm -- rational_quality_manager
IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.
2017-03-31 not yet calculated CVE-2016-6022
CONFIRM

ibm -- sterling_order_management
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943.
2017-03-31 not yet calculated CVE-2016-8917
CONFIRM

ibm -- tririga
The IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083.
2017-03-31 not yet calculated CVE-2017-1171
CONFIRM

illumos -- illumos
illumos smbsrv NULL pointer dereference allows system crash.
2017-03-31 not yet calculated CVE-2016-6561
CONFIRM
CONFIRM
CONFIRM

illumos -- illumos
illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash.
2017-03-31 not yet calculated CVE-2016-6560
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
2017-03-30 not yet calculated CVE-2014-9821
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object."
2017-03-30 not yet calculated CVE-2014-9804
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.
2017-03-30 not yet calculated CVE-2014-9812
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.
2017-03-30 not yet calculated CVE-2014-9805
MLIST
MLIST
CONFIRM

imagemagick -- imagemagick
ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.
2017-03-30 not yet calculated CVE-2014-9806
MLIST
MLIST
CONFIRM

imagemagick -- imagemagick
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.
2017-03-30 not yet calculated CVE-2014-9809
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.
2017-03-30 not yet calculated CVE-2014-9820
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.
2017-03-30 not yet calculated CVE-2014-9810
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.
2017-03-30 not yet calculated CVE-2014-9808
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.
2017-03-30 not yet calculated CVE-2014-9819
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.
2017-03-30 not yet calculated CVE-2014-9807
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.
2017-03-30 not yet calculated CVE-2014-9817
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.
2017-03-30 not yet calculated CVE-2014-9826
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.
2017-03-30 not yet calculated CVE-2014-9823
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.
2017-03-30 not yet calculated CVE-2014-9813
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.
2017-03-30 not yet calculated CVE-2014-9811
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.
2017-03-30 not yet calculated CVE-2014-9825
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.
2017-03-30 not yet calculated CVE-2014-9814
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file.
2017-03-30 not yet calculated CVE-2014-9816
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.
2017-03-30 not yet calculated CVE-2014-9824
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file.
2017-03-30 not yet calculated CVE-2014-9818
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.
2017-03-30 not yet calculated CVE-2014-9822
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.
2017-03-30 not yet calculated CVE-2014-9815
MLIST
MLIST
CONFIRM
CONFIRM

intel_security -- anti-virus_engine
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file.
2017-03-28 not yet calculated CVE-2016-8031
BID
CONFIRM

intel_security -- anti-virus_engine
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file.
2017-03-31 not yet calculated CVE-2016-8032
CONFIRM

jensen_of_scandinavia -- air_link
Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary code or crash the web service via the (1) ateFunc, (2) ateGain, (3) ateTxCount, (4) ateChan, (5) ateRate, (6) ateMacID, (7) e2pTxPower1, (8) e2pTxPower2, (9) e2pTxPower3, (10) e2pTxPower4, (11) e2pTxPower5, (12) e2pTxPower6, (13) e2pTxPower7, (14) e2pTx2Power1, (15) e2pTx2Power2, (16) e2pTx2Power3, (17) e2pTx2Power4, (18) e2pTx2Power5, (19) e2pTx2Power6, (20) e2pTx2Power7, (21) ateTxFreqOffset, (22) ateMode, (23) ateBW, (24) ateAntenna, (25) e2pTxFreqOffset, (26) e2pTxPwDeltaB, (27) e2pTxPwDeltaG, (28) e2pTxPwDeltaMix, (29) e2pTxPwDeltaN, and (30) readE2P parameters of the /goform/formWlanMP endpoint.
2017-03-26 not yet calculated CVE-2016-10273
MISC

linux -- linux_kernel
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
2017-03-31 not yet calculated CVE-2014-9114
FEDORA
FEDORA
SUSE
MLIST
BID
XF
CONFIRM
CONFIRM
GENTOO

linux -- linux_kernel
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
2017-03-31 not yet calculated CVE-2017-7374
CONFIRM
CONFIRM
CONFIRM

linux -- linux_kernel
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c.
2017-03-31 not yet calculated CVE-2017-2647
CONFIRM
CONFIRM
CONFIRM

linux -- linux_kernel
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.
2017-03-30 not yet calculated CVE-2017-7346
CONFIRM
CONFIRM
CONFIRM

linux -- linux_kernel
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.
2017-03-27 not yet calculated CVE-2017-7273
CONFIRM
CONFIRM
BID
CONFIRM

magmi -- magmi
A Cross-Site Scripting (XSS) vulnerability was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
2017-03-31 not yet calculated CVE-2017-7391
CONFIRM
CONFIRM

mantisbt -- configuration_report
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.
2017-03-31 not yet calculated CVE-2017-7309
CONFIRM
CONFIRM
BID

mantisbt -- configuration_report
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.
2017-03-31 not yet calculated CVE-2017-6973
CONFIRM
CONFIRM
BID

mantisbt -- move_attachments
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the "Post-installation and upgrade tasks" of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page.
2017-03-31 not yet calculated CVE-2017-7241
CONFIRM
CONFIRM
BID

mikrotik -- mikrotik
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
2017-03-29 not yet calculated CVE-2017-7285
MISC
EXPLOIT-DB

multi-router_looking_glass -- multi-router_looking_glass
fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.
2017-03-31 not yet calculated CVE-2014-3931
CONFIRM
MISC
MISC

mxit -- mxit
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.
2017-03-29 not yet calculated CVE-2016-2379
BID
MISC
CONFIRM
GENTOO

nagios -- nagios
Cross-site scripting (XSS) vulnerability in Nagios.
2017-03-31 not yet calculated CVE-2016-6209
FULLDISC
CONFIRM

national_instruments -- labview_2016
An exploitable memory corruption vulnerability exists in the LvVarientUnflatten functionality of LabVIEW 2016 version 16.0.0.49152. A specially crafted VI file can cause a user-controlled value to be used as a loop terminator, resulting in internal heap corruption. An attacker-controlled VI file can be used to trigger this vulnerability; exploitation could lead to remote code execution.
2017-03-31 not yet calculated CVE-2017-2775
MISC

netiq -- sentinel_server
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration).
2017-03-30 not yet calculated CVE-2017-5184
CONFIRM

netiq -- sentinel_server
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.
2017-03-30 not yet calculated CVE-2017-5185
CONFIRM

oci-register-machine -- oci-register-machine
The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.
2017-03-29 not yet calculated CVE-2016-6349
MLIST
MLIST
BID
CONFIRM
CONFIRM

open-exchange -- appsuite
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML.
2017-03-29 not yet calculated CVE-2016-6846
CONFIRM
BID
CONFIRM
CONFIRM

open_eclass -- open_eclass
Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
2017-03-31 not yet calculated CVE-2017-7389
CONFIRM

openstack -- glance
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
2017-03-29 not yet calculated CVE-2015-8234
MLIST
MISC
CONFIRM

pixie -- pixie
Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack.
2017-03-31 not yet calculated CVE-2017-7359
MISC

pixie -- pixie
Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack.
2017-03-31 not yet calculated CVE-2017-7360
MISC

pixie -- pixie
Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack.
2017-03-31 not yet calculated CVE-2017-7362
MISC

pixie -- pixie
Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack.
2017-03-31 not yet calculated CVE-2017-7363
MISC

pixie -- pixie
Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack.
2017-03-31 not yet calculated CVE-2017-7361
MISC

rancher_labs -- rancher_server
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.
2017-03-28 not yet calculated CVE-2017-7297
BID
CONFIRM

ruby -- ruby
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
2017-03-29 not yet calculated CVE-2009-5147
MLIST
BID
CONFIRM
CONFIRM
CONFIRM

samsung -- galaxy
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
2017-03-27 not yet calculated CVE-2015-0863
MISC

samsung -- samsung_account
Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
2017-03-27 not yet calculated CVE-2015-0864
BID
MISC

siklu -- etherhaul
Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication.
2017-03-30 not yet calculated CVE-2017-7318
MISC
BID

siklu -- etherhaul
Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it.
2017-03-30 not yet calculated CVE-2016-10308
MISC
BIDsnoopy -- snoopy
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796.
2017-03-31 | not yet calculated | CVE-2008-7313
CONFIRM, MLIST, MLIST, MLIST, BID, CONFIRM, XF, REDHAT, REDHAT, REDHAT, REDHAT, GENTOO, MISC

snoopy -- snoopy
Snoopy allows remote attackers to execute arbitrary commands.
2017-03-31 | not yet calculated | CVE-2014-5008
REDHAT, REDHAT, REDHAT, REDHAT, CONFIRM, DEBIAN, MLIST, MLIST, MLIST, BID, CONFIRM, MISC

snoopy -- snoopy
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
2017-03-31 | not yet calculated | CVE-2014-5009
REDHAT, REDHAT, REDHAT, REDHAT, CONFIRM, MLIST, MLIST, MLIST, BID, XF, CONFIRM, MISC, MISC

socialnetwork -- socialnetwork
A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
2017-03-31 | not yet calculated | CVE-2017-7390
CONFIRM

sophos -- sophos_web_appliance
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
2017-03-30 | not yet calculated | CVE-2017-6412
CONFIRM, CONFIRM

sophos -- sophos_web_appliance
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.
2017-03-30 | not yet calculated | CVE-2017-6183
CONFIRM, CONFIRM

sophos -- sophos_web_appliance
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
2017-03-30 | not yet calculated | CVE-2017-6182
CONFIRM, CONFIRM

sophos -- sophos_web_appliance
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
2017-03-30 | not yet calculated | CVE-2017-6184
CONFIRM, CONFIRM

sync_breeze -- enterprise_client
A buffer overflow vulnerability in Import Command in Sync Breeze Enterprise Client 9.5.16, Disk Sorter Enterprise Client 9.5.12, and DiskBoss Enterprise Client 7.8.16 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
2017-03-29 | not yet calculated | CVE-2017-7310
BID, EXPLOIT-DB, EXPLOIT-DB, EXPLOIT-DB

thefirstquestion_helpmewatchwho -- thefirstquestion_helpmewatchwho
TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter).
2017-03-31 | not yet calculated | CVE-2017-7387
CONFIRM

tigervnc -- tigervnc
In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.
2017-03-31 | not yet calculated | CVE-2017-7392
CONFIRM

tigervnc -- tigervnc
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.
2017-03-31 | not yet calculated | CVE-2017-7393
CONFIRM

tigervnc -- tigervnc
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.
2017-03-31 | not yet calculated | CVE-2017-7395
CONFIRM, CONFIRM

tigervnc -- tigervnc
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.
2017-03-31 | not yet calculated | CVE-2017-7396
CONFIRM, CONFIRM

tigervnc -- tigervnc
In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.
2017-03-31 | not yet calculated | CVE-2017-7394
CONFIRM

trango -- altum_ac600
Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
2017-03-30 | not yet calculated | CVE-2016-10306
MISC, MISC, BID

trango -- trango
Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
2017-03-30 | not yet calculated | CVE-2016-10305
MISC

trango -- trango
Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
2017-03-30 | not yet calculated | CVE-2016-10307
MISC, BID

trend_micro -- enterprise_mobile_security_android_applicaton
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.
2017-03-30 | not yet calculated | CVE-2016-9319
MISC, CONFIRM

ubuntu -- dmcrypt-get-device
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS.
2017-03-27 | not yet calculated | CVE-2017-6964
BID, CONFIRM, CONFIRM

vlc -- vlc
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
2017-03-28 | not yet calculated | CVE-2014-6440
MISC, MLIST, BID, MISC, GENTOO

wallacepos -- wallacepos
A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/resetpassword.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
2017-03-31 | not yet calculated | CVE-2017-7388
CONFIRM

xoops -- xoops
SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.
2017-03-30 | not yet calculated | CVE-2017-7290
BID, MISC

zimbra -- zimbra_collaboration_suite
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.
2017-03-29 | not yet calculated | CVE-2016-9924
BID, CONFIRM

zulip -- zulip
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.
2017-03-27 | not yet calculated | CVE-2017-0881
BID, MISC, MISC



US-CERT

Internet Information Services (IIS) 6.0 Vulnerability

3 weeks 2 days ago
Original release date: March 30, 2017

US-CERT is aware of active exploitation of a vulnerability in Windows Server 2003 Operating System Internet Information Services (IIS) 6.0. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. 

On June 15, 2015, Microsoft ended support for Windows Server 2003 Operating System, which includes its Internet Information Services (IIS) 6.0 web server. Computers running Windows Server 2003 Operating System and its associated programs will continue to work even after support ends. However, using unsupported software may increase the risks of viruses and other security threats.

US-CERT encourages users and administrators to review the National Vulnerability Database entry on this vulnerability, as well as US-CERT Alert TA14-310A.



US-CERT

Google Releases Security Updates for Chrome

3 weeks 3 days ago
Original release date: March 30, 2017

Google has released Chrome version 57.0.2987.133 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates.



US-CERT