National Cyber Awareness System:
SB17-100: Vulnerability Summary for the Week of April 3, 2017
04/10/2017 07:48 AM EDT
Original release date: April 10, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
adobe — acrobat_reader | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution. | 2017-03-31 | 10.0 | CVE-2017-3010 BID CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2398 BID CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2401 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the “Security” component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature. | 2017-04-01 | 7.5 | CVE-2017-2423 BID CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the “HTTPProtocol” component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors. | 2017-04-01 | 7.5 | CVE-2017-2428 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “HomeKit” component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center. | 2017-04-01 | 10.0 | CVE-2017-2434 BID CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2440 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “libc++abi” component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted C++ app that is mishandled during demangling. | 2017-04-01 | 9.3 | CVE-2017-2441 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Security” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2451 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | 7.6 | CVE-2017-2456 BID MISC CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Keyboards” component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2458 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2472 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2473 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2474 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | 7.6 | CVE-2017-2478 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2482 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2483 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Security” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted X.509 certificate file. | 2017-04-01 | 9.3 | CVE-2017-2485 BID MISC CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2490 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the “MCX Client” component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained. | 2017-04-01 | 7.5 | CVE-2017-2402 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “IOATAFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2408 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2410 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2420 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “AppleGraphicsPowerManagement” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2421 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Multi-Touch” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2422 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2427 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “IOFireWireAVC” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2436 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “IOFireWireAVC” component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2017-04-01 | 7.2 | CVE-2017-2437 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “AppleRAID” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2438 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2443 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | 2017-04-01 | 9.3 | CVE-2017-2449 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “libxslt” component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2017-04-01 | 7.5 | CVE-2017-2477 BID CONFIRM |
huawei — campus_s9700_firmware | Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300 allow unauthorized users to upgrade the bootrom or bootload software, bypass a Menu protection mechanism, conduct a Menu compromise attack, or bypass a Menu/upgrade protection mechanism. | 2017-04-02 | 7.5 | CVE-2014-4707 CONFIRM |
huawei — cloudengine_5800_firmware | Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset. | 2017-04-02 | 7.1 | CVE-2016-8795 CONFIRM BID |
huawei — fusionaccess | Huawei FusionAccess with software V100R005C10, V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet that causes the virtual cloud desktop to display an error and become unusable. | 2017-04-02 | 7.8 | CVE-2015-7844 CONFIRM |
huawei — hisuite | Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code. | 2017-04-02 | 7.2 | CVE-2016-8274 CONFIRM |
huawei — mate_8_firmware | ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart). | 2017-04-02 | 7.1 | CVE-2016-8756 CONFIRM BID |
huawei — mate_8_firmware | ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart). | 2017-04-02 | 7.1 | CVE-2016-8758 CONFIRM BID |
huawei — nem-al10_firmware | Touch Panel (TP) driver in Huawei NEM phones with software versions before NEM-AL10C00B130, versions before NEM-UL10C17B160, versions before NEM-UL10C00B160, versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. | 2017-04-02 | 7.2 | CVE-2016-8775 CONFIRM BID |
huawei — oceanstor_5600_v3_firmware | Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command’s parameters, and run this injected command with root privilege. | 2017-04-02 | 9.0 | CVE-2016-8801 CONFIRM BID |
huawei — p8_lite_firmware | The TrustZone driver in Huawei P9 phones with software versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an improper resource release vulnerability, which allows attackers to cause a system restart or privilege elevation. | 2017-04-02 | 9.3 | CVE-2016-8763 CONFIRM BID |
huawei — p9_plus_firmware | Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege. | 2017-04-02 | 9.3 | CVE-2016-8759 CONFIRM BID |
huawei — p9_plus_firmware | Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which allows attackers to crash the system or escalate user privilege. | 2017-04-02 | 9.3 | CVE-2016-8760 CONFIRM BID |
huawei — p9_plus_firmware | Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege. | 2017-04-02 | 9.3 | CVE-2016-8761 CONFIRM BID |
huawei — quidway_s6700_firmware | Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300 enable attackers to launch DoS attacks by crafting and sending malformed packets to these vulnerable products. | 2017-04-02 | 7.8 | CVE-2014-3224 CONFIRM |
huawei — s2750_firmware | Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100; Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500; LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S2350 with software V200R003C00SPC300; S2750 with software V200R003C00SPC300; S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S5700 with software V200R001C00SPC300,V200R003C00SPC300; S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S7700 with software V200R001C00SPC300; S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S9300E with software V200R003C00SPC300,V200R003C00SPC500 allow attackers to keep sending malformed packets to cause a denial of service (DoS) attack, aka a heap overflow. | 2017-04-02 | 7.8 | CVE-2014-4706 CONFIRM |
huawei — s6300_firmware | Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300,S6300 with software before V100R006SPH010 support Y.1731 and therefore have the Y.1731 vulnerability in processing special packets. The vulnerability causes the restart of switches. | 2017-04-02 | 7.8 | CVE-2014-3223 CONFIRM |
huawei — tecal_bh621_v2_firmware | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to execute arbitrary code or restart the system via crafted DNS packets. | 2017-04-02 | 7.5 | CVE-2014-9693 CONFIRM |
huawei — usg5500_firmware | Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. | 2017-04-02 | 7.8 | CVE-2016-8798 CONFIRM BID |
huawei — usg9580_firmware | Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition. | 2017-04-02 | 7.8 | CVE-2016-8796 CONFIRM BID |
ibm — curam_social_program_management | IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833. | 2017-03-31 | 8.5 | CVE-2016-6111 CONFIRM BID |
ibm — rational_software_architect_design_manager | IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. | 2017-03-31 | 7.5 | CVE-2016-9707 BID CONFIRM |
illumos — illumos | illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. | 2017-03-31 | 7.8 | CVE-2016-6560 CONFIRM CONFIRM CONFIRM |
illumos — illumos | illumos smbsrv NULL pointer dereference allows system crash. | 2017-03-31 | 7.8 | CVE-2016-6561 CONFIRM CONFIRM CONFIRM |
linux — linux_kernel | The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. | 2017-03-31 | 7.2 | CVE-2017-2647 CONFIRM BID CONFIRM CONFIRM |
linux — linux_kernel | Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely. | 2017-03-31 | 7.2 | CVE-2017-7374 CONFIRM BID CONFIRM CONFIRM |
multi-router_looking_glass_project — multi-router_looking_glass | fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption. | 2017-03-31 | 7.5 | CVE-2014-3931 CONFIRM MISC MISC |
opensuse_project — opensuse | Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | 2017-03-31 | 7.2 | CVE-2014-9114 FEDORA FEDORA SUSE MLIST BID XF CONFIRM CONFIRM GENTOO |
snoopy — snoopy | The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796. | 2017-03-31 | 7.5 | CVE-2008-7313 CONFIRM MLIST MLIST MLIST BID CONFIRM XF REDHAT REDHAT REDHAT REDHAT GENTOO MISC |
snoopy — snoopy | Snoopy allows remote attackers to execute arbitrary commands. | 2017-03-31 | 7.5 | CVE-2014-5008 REDHAT REDHAT REDHAT REDHAT CONFIRM DEBIAN MLIST MLIST MLIST BID CONFIRM MISC |
snoopy — snoopy | Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. | 2017-03-31 | 7.5 | CVE-2014-5009 REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST MLIST BID XF CONFIRM MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
adobe — acrobat_reader | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure. | 2017-03-31 | 5.0 | CVE-2017-3009 BID CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Carbon” component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted .dfont file. | 2017-04-01 | 6.8 | CVE-2017-2379 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the “Profiles” component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support. | 2017-04-01 | 5.0 | CVE-2017-2380 BID CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Safari Reader” component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2393 BID CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “SafariViewController” component. It allows attackers to obtain sensitive information by leveraging the SafariViewController’s incorrect synchronization of Safari cache clearing. | 2017-04-01 | 5.0 | CVE-2017-2400 BID CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Quick Look” component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016. | 2017-04-01 | 5.0 | CVE-2017-2404 BID CONFIRM MISC |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “FontParser” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | 2017-04-01 | 6.8 | CVE-2017-2406 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “FontParser” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | 2017-04-01 | 6.8 | CVE-2017-2407 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “iTunes Store” component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP. | 2017-04-01 | 4.3 | CVE-2017-2412 BID CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “DataAccess” component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address. | 2017-04-01 | 5.0 | CVE-2017-2414 BID CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code by leveraging an unspecified “type confusion.” | 2017-04-01 | 6.8 | CVE-2017-2415 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “ImageIO” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file. | 2017-04-01 | 6.8 | CVE-2017-2416 BID MISC CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “CoreGraphics” component. It allows remote attackers to cause a denial of service (infinite recursion) via a crafted image. | 2017-04-01 | 4.3 | CVE-2017-2417 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Audio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. | 2017-04-01 | 6.8 | CVE-2017-2430 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “ImageIO” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. | 2017-04-01 | 6.8 | CVE-2017-2432 BID MISC CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “CoreText” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | 2017-04-01 | 6.8 | CVE-2017-2435 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “FontParser” component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. | 2017-04-01 | 5.8 | CVE-2017-2439 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the “Keychain” component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets. | 2017-04-01 | 4.3 | CVE-2017-2448 BID CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “CoreText” component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. | 2017-04-01 | 5.8 | CVE-2017-2450 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “CoreText” component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message. | 2017-04-01 | 5.0 | CVE-2017-2461 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Audio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. | 2017-04-01 | 6.8 | CVE-2017-2462 BID MISC CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “ImageIO” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. | 2017-04-01 | 6.8 | CVE-2017-2467 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Phone” component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app. | 2017-04-01 | 5.0 | CVE-2017-2484 BID CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “FontParser” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | 2017-04-01 | 6.8 | CVE-2017-2487 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — keynote | An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the “Export” component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4. | 2017-04-01 | 5.0 | CVE-2017-2391 BID CONFIRM |
apple — mac_os_server | An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the “Wiki Server” component. It allows remote attackers to enumerate user accounts via unspecified vectors. | 2017-04-01 | 5.0 | CVE-2017-2382 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “sudo” component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server. | 2017-04-01 | 6.5 | CVE-2017-2381 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “IOFireWireFamily” component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. | 2017-04-01 | 4.3 | CVE-2017-2388 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Printing” component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL. | 2017-04-01 | 6.8 | CVE-2017-2403 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Menus” component. It allows attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted app. | 2017-04-01 | 5.8 | CVE-2017-2409 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “QuickTime” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted media file. | 2017-04-01 | 6.8 | CVE-2017-2413 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “SecurityFoundation” component. A double free vulnerability allows remote attackers to execute arbitrary code via a crafted certificate. | 2017-04-01 | 6.8 | CVE-2017-2425 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “iBooks” component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file. | 2017-04-01 | 4.3 | CVE-2017-2426 BID MISC CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “FinderKit” component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during an iCloud Sharing Send Link action. | 2017-04-01 | 5.0 | CVE-2017-2429 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “CoreMedia” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .mov file. | 2017-04-01 | 6.8 | CVE-2017-2431 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. | 2017-04-01 | 4.3 | CVE-2017-2489 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the “System Integrity Protection” component. It allows attackers to modify the contents of a protected disk location via a crafted app. | 2017-04-01 | 4.3 | CVE-2017-6974 BID CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2367 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page. | 2017-04-01 | 5.0 | CVE-2017-2376 BID CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit Web Inspector” component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state. | 2017-04-01 | 5.0 | CVE-2017-2377 BID CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the “WebKit” component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions. | 2017-04-01 | 6.8 | CVE-2017-2378 BID CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2386 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site. | 2017-04-01 | 5.8 | CVE-2017-2389 BID CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the “WebKit” component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. | 2017-04-01 | 6.8 | CVE-2017-2392 BID CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2394 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2395 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2396 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit Web Inspector” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2405 BID CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors. | 2017-04-01 | 5.0 | CVE-2017-2419 BID CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the “WebKit” component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2424 BID CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2433 BID CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit JavaScript Bindings” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2442 BID CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “CoreGraphics” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2444 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects. | 2017-04-01 | 4.3 | CVE-2017-2445 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. | 2017-04-01 | 6.8 | CVE-2017-2446 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site. | 2017-04-01 | 5.8 | CVE-2017-2447 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2453 BID CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2454 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2455 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2457 BID CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2459 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2460 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2463 BID MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2464 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2465 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2466 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2468 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2469 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2470 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the “WebKit” component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2471 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site. | 2017-04-01 | 4.3 | CVE-2017-2475 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2476 BID CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2479 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2480 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-04-01 | 6.8 | CVE-2017-2481 BID MISC CONFIRM CONFIRM CONFIRM |
apple — safari | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to spoof the address bar via a crafted web site. | 2017-04-01 | 4.3 | CVE-2017-2486 BID CONFIRM CONFIRM |
getpixie — pixie | Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. | 2017-03-31 | 4.3 | CVE-2017-7359 MISC BID BID |
getpixie — pixie | Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. | 2017-03-31 | 4.3 | CVE-2017-7360 MISC BID |
getpixie — pixie | Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. | 2017-03-31 | 4.3 | CVE-2017-7361 MISC BID |
getpixie — pixie | Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. | 2017-03-31 | 4.3 | CVE-2017-7362 MISC BID |
getpixie — pixie | Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. | 2017-03-31 | 4.3 | CVE-2017-7363 MISC BID |
hak5 — wi-fi_pineapple_firmware | Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. | 2017-03-31 | 4.3 | CVE-2015-4624 MISC MISC BUGTRAQ EXPLOIT-DB |
helpmewatchwho_project — helpmewatchwho | TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter). | 2017-03-31 | 4.3 | CVE-2017-7387 BID CONFIRM |
huawei — ascend_p6_edge-t00_firmware | Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones. | 2017-04-02 | 4.3 | CVE-2014-8571 CONFIRM |
huawei — cloudengine_6800_firmware | Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive files to exhaust the shared storage space, leading to a DoS condition. | 2017-04-02 | 6.8 | CVE-2016-8780 CONFIRM BID |
huawei — espace_iad_firmware | Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL. | 2017-04-02 | 5.0 | CVE-2016-8271 CONFIRM |
huawei — espace_integrated_access_device_firmware | Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS. | 2017-04-02 | 4.3 | CVE-2016-8789 CONFIRM BID |
huawei — espace_meeting | In Huawei eSpace Meeting with software V100R001C03SPC201 and earlier versions, attackers who obtain the permissions assigned to common users can elevate privileges to access and set specific key resources. | 2017-04-02 | 6.6 | CVE-2014-3222 CONFIRM |
huawei — eudemon8000e_firmware | Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets with special structure, the logging process becomes slow and users may be unable to log in to the device. | 2017-04-02 | 5.0 | CVE-2014-3221 CONFIRM |
huawei — fusionaccess | Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database. | 2017-04-02 | 4.0 | CVE-2016-8779 CONFIRM BID |
huawei — fusionstorage | The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. | 2017-04-02 | 4.1 | CVE-2016-8803 CONFIRM BID |
huawei — hisuite | Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC. | 2017-04-02 | 6.9 | CVE-2016-8273 CONFIRM |
huawei — logcenter | Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service. | 2017-04-02 | 4.0 | CVE-2015-8670 CONFIRM |
huawei — logcenter | Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions. | 2017-04-02 | 6.5 | CVE-2015-8671 CONFIRM |
huawei — mate_s_firmware | Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software versions before CRR-CL00C92B368, versions before CRR-CL20C92B368, versions before CRR-TL00C01B368, versions before CRR-UL00C00B368, versions before CRR-UL20C00B368; and P8 phones with software versions before GRA-TL00C01B366, versions before GRA-CL00C92B366, versions before GRA-CL10C92B366, versions before GRA-UL00C00B366, versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | 2017-04-02 | 6.2 | CVE-2016-8791 CONFIRM BID |
huawei — mate_s_firmware | Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software versions before CRR-CL00C92B368, versions before CRR-CL20C92B368, versions before CRR-TL00C01B368, versions before CRR-UL00C00B368, versions before CRR-UL20C00B368; and P8 phones with software versions before GRA-TL00C01B366, versions before GRA-CL00C92B366, versions before GRA-CL10C92B366, versions before GRA-UL00C00B366, versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | 2017-04-02 | 6.2 | CVE-2016-8792 CONFIRM BID |
huawei — mate_s_firmware | Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software versions before CRR-CL00C92B368, versions before CRR-CL20C92B368, versions before CRR-TL00C01B368, versions before CRR-UL00C00B368, versions before CRR-UL20C00B368; and P8 phones with software versions before GRA-TL00C01B366, versions before GRA-CL00C92B366, versions before GRA-CL10C92B366, versions before GRA-UL00C00B366, versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | 2017-04-02 | 6.2 | CVE-2016-8793 CONFIRM BID |
huawei — mate_s_firmware | Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software versions before CRR-CL00C92B368, versions before CRR-CL20C92B368, versions before CRR-TL00C01B368, versions before CRR-UL00C00B368, versions before CRR-UL20C00B368; and P8 phones with software versions before GRA-TL00C01B366, versions before GRA-CL00C92B366, versions before GRA-CL10C92B366, versions before GRA-UL00C00B366, versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | 2017-04-02 | 6.2 | CVE-2016-8794 CONFIRM BID |
huawei — oceanstor_5600_v3_firmware | Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH. | 2017-04-02 | 5.4 | CVE-2016-8754 CONFIRM BID |
huawei — oceanstor_5800_v3_firmware | The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk arrays. | 2017-04-02 | 4.0 | CVE-2016-6177 CONFIRM |
huawei — p7-l10_firmware | The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information. | 2017-04-02 | 4.3 | CVE-2015-2246 CONFIRM |
huawei — p8_lite_firmware | The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to read and write user-mode memory data anywhere in the TrustZone driver. | 2017-04-02 | 4.1 | CVE-2016-8764 CONFIRM BID |
huawei — secospace_usg6300_firmware | Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of unspecified commands to exhaust memory, causing a DoS condition. | 2017-04-02 | 4.0 | CVE-2016-8781 CONFIRM BID |
huawei — secospace_usg6300_firmware | The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to set up a specific security policy on the devices, causing a buffer overflow and crashing the system. | 2017-04-02 | 6.8 | CVE-2016-8802 CONFIRM BID |
huawei — tecal_bh621_v2_firmware | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow users who log in to the products to view the session IDs of all online users on the Online Users page of the web UI. | 2017-04-02 | 4.0 | CVE-2014-9691 CONFIRM |
huawei — tecal_bh621_v2_firmware | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to figure out the RMCP+ session IDs of users and access the system with forged identities. | 2017-04-02 | 5.0 | CVE-2014-9692 CONFIRM |
huawei — tecal_bh621_v2_firmware | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions have a CSRF vulnerability. The products do not use the Token mechanism for web access control. When users log in to the Huawei servers and access websites containing the malicious CSRF script, the CSRF script is executed, which may cause configuration tampering and system restart. | 2017-04-02 | 6.8 | CVE-2014-9694 CONFIRM |
huawei — tecal_e9000_chassis_firmware | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user. | 2017-04-02 | 6.5 | CVE-2014-9695 CONFIRM |
huawei — tecal_e9000_chassis_firmware | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalation. | 2017-04-02 | 6.5 | CVE-2014-9696 CONFIRM |
huawei — usg2100_firmware | Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | 2017-04-02 | 6.8 | CVE-2014-9136 CONFIRM |
huawei — usg2100_firmware | Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | 2017-04-02 | 6.8 | CVE-2014-9137 CONFIRM |
huawei — ws318_firmware | Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier’s solution is not random enough. As a result, brute force cracking the PIN code is easier. After an attacker cracks the PIN, the attacker can access the Internet via the cracked device. | 2017-04-02 | 5.0 | CVE-2014-9690 CONFIRM |
ibm — algo_one | IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892. | 2017-03-31 | 4.0 | CVE-2017-1154 CONFIRM BID |
ibm — inotes | IBM iNotes 8.5 and 9.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824. | 2017-03-31 | 4.3 | CVE-2016-9990 CONFIRM BID |
ibm — sterling_selling_and_fulfillment_foundation | IBM Sterling Order Management 9.2 – 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943. | 2017-03-31 | 6.8 | CVE-2016-8917 CONFIRM BID |
ibm — tririga_application_platform | The IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083. | 2017-03-31 | 4.0 | CVE-2017-1171 BID CONFIRM |
libarchive — libarchive | The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. | 2017-04-03 | 4.3 | CVE-2016-10209 BID CONFIRM |
magmi_project — magmi | A Cross-Site Scripting (XSS) vulnerability was discovered in ‘Magmi 0.7.22’. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the ‘magmi-git-master/magmi/web/ajax_gettime.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-31 | 4.3 | CVE-2017-7391 BID CONFIRM CONFIRM |
mcafee — anti-malware_scan_engine | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. | 2017-03-31 | 4.4 | CVE-2016-8032 BID CONFIRM |
nagios — nagios | Cross-site scripting (XSS) vulnerability in Nagios. | 2017-03-31 | 4.3 | CVE-2016-6209 FULLDISC CONFIRM |
ni — labview | An exploitable memory corruption vulnerability exists in the LvVarientUnflatten functionality of LabVIEW 2016 version 16.0.0.49152. A specially crafted VI file can cause a user-controlled value to be used as a loop terminator, resulting in internal heap corruption. An attacker-controlled VI file can be used to trigger this vulnerability; exploitation could lead to remote code execution. | 2017-03-31 | 6.8 | CVE-2017-2775 BID MISC |
openeclass_project — openeclass | Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in ‘openeclass Release_3.5.4’. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the ‘openeclass-master/modules/tc/webconf/webconf.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-31 | 4.3 | CVE-2017-7389 BID CONFIRM |
podofo_project — podofo | The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. | 2017-04-03 | 4.3 | CVE-2017-7378 BID MISC |
podofo_project — podofo | The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. | 2017-04-03 | 4.3 | CVE-2017-7379 BID MISC |
podofo_project — podofo | The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | 2017-04-03 | 4.3 | CVE-2017-7381 BID MISC |
socialnetwork_project — socialnetwork | A Cross-Site Scripting (XSS) vulnerability was discovered in ‘SocialNetwork v1.2.1’. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the ‘SocialNetwork-andrea/app/template/pw_forgot.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-31 | 4.3 | CVE-2017-7390 BID CONFIRM |
symetrie_project — symetrie | citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). | 2017-03-31 | 4.3 | CVE-2017-7386 CONFIRM |
tigervnc — tigervnc | In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. | 2017-03-31 | 5.0 | CVE-2017-7392 BID CONFIRM |
tigervnc — tigervnc | In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. | 2017-03-31 | 6.5 | CVE-2017-7393 BID CONFIRM |
tigervnc — tigervnc | In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. | 2017-03-31 | 5.0 | CVE-2017-7394 BID CONFIRM |
tigervnc — tigervnc | In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. | 2017-03-31 | 4.0 | CVE-2017-7395 BID CONFIRM CONFIRM |
tigervnc — tigervnc | In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. | 2017-03-31 | 5.0 | CVE-2017-7396 BID CONFIRM CONFIRM |
wallacepos_project — wallacepos | A Cross-Site Scripting (XSS) vulnerability was discovered in ‘wallacepos v1.4.1’. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the ‘wallacepos-master/myaccount/resetpassword.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-31 | 4.3 | CVE-2017-7388 BID CONFIRM |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the “Safari” component. It allows local users to identify the web-site visits that occurred in Private Browsing mode. | 2017-04-01 | 2.1 | CVE-2017-2384 BID CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the “libarchive” component. It allows local users to change arbitrary directory permissions via unspecified vectors. | 2017-04-01 | 2.1 | CVE-2017-2390 BID CONFIRM CONFIRM CONFIRM CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Accounts” component. It allows physically proximate attackers to discover an Apple ID by reading an iCloud authentication prompt on the lock screen. | 2017-04-01 | 2.1 | CVE-2017-2397 BID CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Pasteboard” component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode). | 2017-04-01 | 2.1 | CVE-2017-2399 BID CONFIRM |
apple — iphone_os | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Siri” component. It allows physically proximate attackers to read text messages on the lock screen via unspecified vectors. | 2017-04-01 | 2.1 | CVE-2017-2452 BID CONFIRM |
apple — itunes | An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the “APNs Server” component. It allows man-in-the-middle attackers to track users via correlation with this certificate. | 2017-04-01 | 3.5 | CVE-2017-2383 BID CONFIRM CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the “EFI” component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter. | 2017-04-01 | 2.1 | CVE-2016-7585 BID CONFIRM |
apple — mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Hypervisor” component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors. | 2017-04-01 | 2.1 | CVE-2017-2418 BID CONFIRM |
apple — safari | An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the “Safari Login AutoFill” component. It allows local users to obtain access to locked keychain items via unspecified vectors. | 2017-04-01 | 2.1 | CVE-2017-2385 BID CONFIRM |
huawei — anyoffice | Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb. | 2017-04-02 | 3.5 | CVE-2016-8275 CONFIRM BID |
huawei — hisuite | Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user’s proxy password, causing information leaks. | 2017-04-02 | 2.1 | CVE-2016-8272 CONFIRM |
huawei — p8_lite_firmware | The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart. | 2017-04-02 | 1.9 | CVE-2016-8762 CONFIRM BID |
ibm — kenexa_lms | IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483. | 2017-03-31 | 3.5 | CVE-2016-8935 CONFIRM BID |
ibm — rational_quality_manager | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784. | 2017-03-31 | 3.5 | CVE-2016-6022 BID CONFIRM |
ibm — rational_quality_manager | IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784. | 2017-03-31 | 3.5 | CVE-2016-6031 BID CONFIRM |
ibm — rational_quality_manager | IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784. | 2017-03-31 | 3.5 | CVE-2016-6036 BID CONFIRM |
mantisbt — mantisbt | A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted ‘action’ parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2. | 2017-03-31 | 3.5 | CVE-2017-6973 CONFIRM CONFIRM BID |
mantisbt — mantisbt | A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted ‘type’ parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the “Post-installation and upgrade tasks” of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page. | 2017-03-31 | 3.5 | CVE-2017-7241 CONFIRM CONFIRM BID |
mantisbt — mantisbt | A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted ‘config_option’ parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3. | 2017-03-31 | 3.5 | CVE-2017-7309 CONFIRM CONFIRM BID |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
airtame — hdmi_dongle_firmware | AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time. | 2017-04-05 | not yet calculated | CVE-2017-7450 MISC |
apache — ambari | During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs. | 2017-04-03 | not yet calculated | CVE-2017-5642 CONFIRM |
apache — geode | Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster. | 2017-04-04 | not yet calculated | CVE-2017-5649 MLIST BID |
apache — ignite | Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents. | 2017-04-07 | not yet calculated | CVE-2016-6805 CONFIRM |
apache — tika | Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization. | 2017-04-06 | not yet calculated | CVE-2016-6809 CONFIRM BID MISC |
apache — tomcat | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn’t updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. | 2017-04-06 | not yet calculated | CVE-2016-8735 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM BID |
apple — apple_android_music_app | The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-04-07 | not yet calculated | CVE-2017-2387 MISC CONFIRM |
apple — ios | Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior. | 2017-04-05 | not yet calculated | CVE-2017-6975 BID MISC CONFIRM MISC |
apple — safari | runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a “type confusion” in the JSON.stringify function. | 2017-04-03 | not yet calculated | CVE-2016-10222 CONFIRM CONFIRM |
apple — safari | JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm. | 2017-04-03 | not yet calculated | CVE-2017-5949 BID CONFIRM CONFIRM |
apple — safari | JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp. | 2017-04-03 | not yet calculated | CVE-2016-10226 CONFIRM CONFIRM |
apt-cacher — apt-cacher | apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression. | 2017-04-05 | not yet calculated | CVE-2017-7443 CONFIRM CONFIRM |
arm_trusted_firmware — arm_trusted_firmware | In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code. | 2017-04-06 | not yet calculated | CVE-2016-10319 CONFIRM |
artifex_software — ghostscript | The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. | 2017-04-03 | not yet calculated | CVE-2016-10317 BID MISC |
artifex_software — ghostscript | The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module. | 2017-04-03 | not yet calculated | CVE-2016-10217 CONFIRM CONFIRM |
artifex_software — ghostscript | The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | 2017-04-03 | not yet calculated | CVE-2016-10219 CONFIRM CONFIRM |
artifex_software — ghostscript | The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | 2017-04-03 | not yet calculated | CVE-2017-5951 MISC |
artifex_software — ghostscript | The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. | 2017-04-03 | not yet calculated | CVE-2016-10220 CONFIRM CONFIRM |
artifex_software — ghostscript | The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | 2017-04-03 | not yet calculated | CVE-2016-10218 CONFIRM CONFIRM |
artifex_software — mupdf | The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document. | 2017-04-03 | not yet calculated | CVE-2016-10221 MISC |
back_in_time — back_in_time | The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges than the original requester. | 2017-04-06 | not yet calculated | CVE-2017-7572 MISC |
blue_coat — advanced_secure_gateway | Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges. | 2017-04-05 | not yet calculated | CVE-2016-9091 BID CONFIRM |
broadcom — wifi_hardmac_soc_firmware | On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE). | 2017-04-05 | not yet calculated | CVE-2017-6956 MISC MISC |
cisco — aironet_secure_access_point_software | A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1). | 2017-04-07 | not yet calculated | CVE-2016-9196 CONFIRM |
cisco — asr_900_devices | A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP. | 2017-04-07 | not yet calculated | CVE-2017-6603 CONFIRM |
cisco — evolved_programmable_network | A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D). | 2017-04-07 | not yet calculated | CVE-2017-3884 CONFIRM |
cisco — firepower_system_software | A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2. | 2017-04-07 | not yet calculated | CVE-2017-3887 CONFIRM |
cisco — firepower_system_software | A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1. | 2017-04-07 | not yet calculated | CVE-2017-3885 CONFIRM |
cisco — integrated_management_controller | A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B. | 2017-04-07 | not yet calculated | CVE-2017-6604 CONFIRM |
cisco — ios_xe_software | A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E. | 2017-04-07 | not yet calculated | CVE-2017-6606 CONFIRM |
cisco — ios_xr_software | A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco IOS XR Software with gRPC enabled. More Information: CSCvb14433. Known Affected Releases: 6.1.1.BASE 6.2.1.BASE. Known Fixed Releases: 6.2.1.22i.MGBL 6.1.22.9i.MGBL 6.1.21.12i.MGBL 6.1.2.13i.MGBL. | 2017-04-07 | not yet calculated | CVE-2017-6599 CONFIRM |
cisco — wireless_lan_controller_software | A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. Cisco Bug IDs: CSCva98592. | 2017-04-06 | not yet calculated | CVE-2016-9219 BID CONFIRM |
cisco — mobility_express_software | A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691. | 2017-04-06 | not yet calculated | CVE-2017-3834 BID CONFIRM |
cisco — mobility_express_wireless_lan_controllers_software | A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0). | 2017-04-07 | not yet calculated | CVE-2016-9197 CONFIRM |
cisco — prime_infrastructure | A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0). | 2017-04-07 | not yet calculated | CVE-2017-3848 CONFIRM |
cisco — registered_envelope_service | A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to an undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015. | 2017-04-07 | not yet calculated | CVE-2017-3889 CONFIRM |
cisco — unified_communications_manager | A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242). | 2017-04-07 | not yet calculated | CVE-2017-3888 CONFIRM |
cisco — unified_communications_manager | A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2). | 2017-04-07 | not yet calculated | CVE-2017-3886 CONFIRM |
cisco — unified_computing_system_manager | A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69). | 2017-04-07 | not yet calculated | CVE-2017-6598 CONFIRM |
cisco — unified_computing_system_director | A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.5(0.1) 6.0(0.0). | 2017-04-07 | not yet calculated | CVE-2017-3817 CONFIRM |
cisco — unified_computing_system_manager | A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1647). | 2017-04-07 | not yet calculated | CVE-2017-6601 CONFIRM |
cisco — unified_computing_system_manager | A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136. | 2017-04-07 | not yet calculated | CVE-2017-6600 CONFIRM |
cisco — unified_computing_system_manager | A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138). | 2017-04-07 | not yet calculated | CVE-2017-6602 CONFIRM |
cisco — unified_computing_system | A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115). | 2017-04-07 | not yet calculated | CVE-2017-6597 CONFIRM |
cisco — wireless_lan_controller_software | A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353. | 2017-04-06 | not yet calculated | CVE-2016-9194 BID CONFIRM |
cisco — wireless_lan_controller_software | A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3). | 2017-04-07 | not yet calculated | CVE-2016-9195 CONFIRM |
cisco — wireless_lan_controller_software | A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198. | 2017-04-06 | not yet calculated | CVE-2017-3832 BID CONFIRM |
clipbucket — clipbucket | Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to WebsiteConfigurations Section. NOTE: the collection_description vector is already covered by CVE-2015-4673. | 2017-04-06 | not yet calculated | CVE-2016-1000307 MISC |
clipbucket — clipbucket | Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php. | 2017-04-06 | not yet calculated | CVE-2015-4673 MISC MISC MISC |
cloud_foundry_foundation — bosh_azure | Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a “CPI code injection vulnerability.” | 2017-04-06 | not yet calculated | CVE-2017-4964 CONFIRM |
collectd — collectd | Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with “SecurityLevel None” and with empty “AuthFile” options) via a crafted UDP packet. | 2017-04-03 | not yet calculated | CVE-2017-7401 BID CONFIRM |
d-link — dir-615_firmware | D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF). This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password. | 2017-04-04 | not yet calculated | CVE-2017-7398 MISC |
django_project — django | A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the “django.views.static.serve()” view could redirect to any other domain, aka an open redirect vulnerability. | 2017-04-04 | not yet calculated | CVE-2017-7234 BID CONFIRM |
django_project — django | Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an “on success” URL. The security check for these redirects (namely “django.utils.http.is_safe_url()”) considered some numeric URLs “safe” when they shouldn’t be, aka an open redirect vulnerability. Also, if a developer relies on “is_safe_url()” to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack. | 2017-04-04 | not yet calculated | CVE-2017-7233 BID CONFIRM |
dragonwave — horizon | DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in recent versions including 1.4.8. | 2017-04-06 | not yet calculated | CVE-2017-7576 MISC |
dropbox — dropbox | The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image. | 2017-04-05 | not yet calculated | CVE-2017-7448 CONFIRM CONFIRM |
entropymine — imageworsener | The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | 2017-04-05 | not yet calculated | CVE-2017-7452 CONFIRM |
entropymine — imageworsener | The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | 2017-04-05 | not yet calculated | CVE-2017-7453 CONFIRM |
entropymine — imageworsener | The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | 2017-04-05 | not yet calculated | CVE-2017-7454 CONFIRM |
f5 — ssl_intercept_iapp_software | F5 SSL Intercept iApp 1.5.0 – 1.5.7 and SSL Orchestrator 2.0 are vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature plus SNAT Auto Map option for egress traffic. | 2017-04-06 | not yet calculated | CVE-2017-6130 CONFIRM |
f5 — ssl_intercept_iapp_software | F5 SSL Intercept iApp version 1.5.0 – 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic. | 2017-04-06 | not yet calculated | CVE-2017-0305 CONFIRM |
faveo — faveo | public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges. | 2017-04-06 | not yet calculated | CVE-2017-7571 MISC CONFIRM |
forgerock — openidm | In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the “anonymous” user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js. | 2017-04-08 | not yet calculated | CVE-2017-7589 MISC CONFIRM |
forgerock — openidm | OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. | 2017-04-08 | not yet calculated | CVE-2017-7591 MISC CONFIRM |
forgerock — openidm | OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. | 2017-04-08 | not yet calculated | CVE-2017-7590 MISC CONFIRM |
foxit_software — foxit_PDF_toolkit | Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file. | 2017-04-07 | not yet calculated | CVE-2017-7584 CONFIRM |
foxit_software — foxit_reader | Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0. | 2017-04-04 | not yet calculated | CVE-2016-3740 MISC MISC |
freeradius — freeradius | FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | 2017-04-05 | not yet calculated | CVE-2015-4680 SUSE MISC MISC BUGTRAQ BID SECTRACK CONFIRM |
gmv — checker_atm_security | GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03. | 2017-04-06 | not yet calculated | CVE-2017-6968 MISC |
go_ssh — go_ssh_library | The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism. | 2017-04-04 | not yet calculated | CVE-2017-3204 BID MISC CONFIRM CONFIRM MISC |
google — android | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099. | 2017-04-07 | not yet calculated | CVE-2017-0575 CONFIRM |
google — android | An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.18. Android ID: A-34115304. References: N-CVE-2017-0329. | 2017-04-05 | not yet calculated | CVE-2017-0329 BID CONFIRM |
google — android | An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33812508. References: N-CVE-2017-0332. | 2017-04-05 | not yet calculated | CVE-2017-0332 BID CONFIRM |
google — android | An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33898322. References: N-CVE-2017-0328. | 2017-04-05 | not yet calculated | CVE-2017-0328 BID CONFIRM |
google — android | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866. | 2017-04-07 | not yet calculated | CVE-2017-0543 CONFIRM CONFIRM |
google — android | An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722. | 2017-04-07 | not yet calculated | CVE-2017-0559 CONFIRM |
google — android | An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10 and Kernel 3.18. Android ID: A-33040280. References: N-CVE-2017-0325. | 2017-04-05 | not yet calculated | CVE-2017-0325 BID CONFIRM |
google — android | An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33899858. References: N-CVE-2017-0330. | 2017-04-05 | not yet calculated | CVE-2017-0330 BID CONFIRM |
google — android | An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-27930566. References: N-CVE-2017-0339. | 2017-04-05 | not yet calculated | CVE-2017-0339 BID CONFIRM |
google — android | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721. | 2017-04-07 | not yet calculated | CVE-2017-0542 CONFIRM CONFIRM |
google — android | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031. | 2017-04-07 | not yet calculated | CVE-2017-0540 CONFIRM CONFIRM |
google — android | A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018. | 2017-04-07 | not yet calculated | CVE-2017-0541 CONFIRM CONFIRM |
google — android | An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946. | 2017-04-07 | not yet calculated | CVE-2017-0554 CONFIRM |
google — android | An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067. | 2017-04-07 | not yet calculated | CVE-2017-0454 CONFIRM |
google — android | An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33893669. References: N-CVE-2017-0327. | 2017-04-05 | not yet calculated | CVE-2017-0327 BID CONFIRM |
google — android | An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775. | 2017-04-07 | not yet calculated | CVE-2017-0555 CONFIRM CONFIRM |
google — android | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350. | 2017-04-07 | not yet calculated | CVE-2017-0545 CONFIRM |
google — android | An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763. | 2017-04-07 | not yet calculated | CVE-2017-0546 CONFIRM |
google — android | An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560. | 2017-04-07 | not yet calculated | CVE-2017-0547 CONFIRM CONFIRM |
google — android | A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605. | 2017-04-07 | not yet calculated | CVE-2017-0548 CONFIRM |
google — android | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818508. | 2017-04-07 | not yet calculated | CVE-2017-0549 CONFIRM CONFIRM |
google — android | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140. | 2017-04-07 | not yet calculated | CVE-2017-0550 CONFIRM CONFIRM |
google — android | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097231. | 2017-04-07 | not yet calculated | CVE-2017-0551 CONFIRM CONFIRM CONFIRM |
google — android | An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879. | 2017-04-07 | not yet calculated | CVE-2017-0544 CONFIRM |
google — android | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300. | 2017-04-07 | not yet calculated | CVE-2017-0539 CONFIRM CONFIRM |
google — android | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274. | 2017-04-07 | not yet calculated | CVE-2017-0558 CONFIRM CONFIRM |
google — android | An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952. | 2017-04-07 | not yet calculated | CVE-2017-0556 CONFIRM CONFIRM |
google — android | An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073. | 2017-04-07 | not yet calculated | CVE-2017-0557 CONFIRM CONFIRM |
google — android | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915. | 2017-04-07 | not yet calculated | CVE-2017-0552 CONFIRM CONFIRM |
google — android | An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. | 2017-04-07 | not yet calculated | CVE-2017-0553 CONFIRM |
google — android | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34198931. References: B-RB#112597. | 2017-04-07 | not yet calculated | CVE-2017-0572 CONFIRM |
google — android | A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814. | 2017-04-07 | not yet calculated | CVE-2017-0561 CONFIRM |
google — android | An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203. | 2017-04-07 | not yet calculated | CVE-2017-0564 CONFIRM |
google — android | An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175904. References: M-ALPS02696516. | 2017-04-07 | not yet calculated | CVE-2017-0565 CONFIRM |
google — android | An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288. | 2017-04-07 | not yet calculated | CVE-2017-0462 CONFIRM |
google — android | An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367. | 2017-04-07 | not yet calculated | CVE-2017-0566 CONFIRM |
google — android | An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202425. References: M-ALPS02898189. | 2017-04-07 | not yet calculated | CVE-2017-0562 CONFIRM |
google — android | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409. | 2017-04-07 | not yet calculated | CVE-2017-0563 CONFIRM |
google — android | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666. | 2017-04-07 | not yet calculated | CVE-2017-0569 CONFIRM |
google — android | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600. | 2017-04-07 | not yet calculated | CVE-2017-0568 CONFIRM |
google — android | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199963. References: B-RB#110688. | 2017-04-07 | not yet calculated | CVE-2017-0570 CONFIRM |
google — android | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575. | 2017-04-07 | not yet calculated | CVE-2017-0567 CONFIRM |
google — android | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34203305. References: B-RB#111541. | 2017-04-07 | not yet calculated | CVE-2017-0571 CONFIRM |
google — android | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731. | 2017-04-07 | not yet calculated | CVE-2017-0584 CONFIRM |
google — android | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951. | 2017-04-07 | not yet calculated | CVE-2017-0577 CONFIRM |
google — android | An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986. | 2017-04-07 | not yet calculated | CVE-2017-0580 CONFIRM |
google — android | An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32068683. References: QC-CR#1103788. | 2017-04-07 | not yet calculated | CVE-2017-0583 CONFIRM |
google — android | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34469904. References: B-RB#91539. | 2017-04-07 | not yet calculated | CVE-2017-0573 CONFIRM |
google — android | An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406. | 2017-04-07 | not yet calculated | CVE-2017-0578 CONFIRM |
google — android | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588. | 2017-04-07 | not yet calculated | CVE-2017-0538 CONFIRM CONFIRM |
google — android | An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089. | 2017-04-07 | not yet calculated | CVE-2017-0576 CONFIRM |
google — android | An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406. | 2017-04-07 | not yet calculated | CVE-2017-0579 CONFIRM |
google — android | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34624457. References: B-RB#113189. | 2017-04-07 | not yet calculated | CVE-2017-0574 CONFIRM |
google — android | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953. | 2017-04-07 | not yet calculated | CVE-2017-0585 CONFIRM |
google — android | An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079. | 2017-04-07 | not yet calculated | CVE-2017-0560 CONFIRM |
google — android | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569. | 2017-04-07 | not yet calculated | CVE-2017-0586 CONFIRM |
google — android | An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485. | 2017-04-07 | not yet calculated | CVE-2017-0581 CONFIRM |
google — android | An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836. | 2017-04-07 | not yet calculated | CVE-2017-0582 CONFIRM |
hangzhou-xiongmai — uc_httpd | XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a “GET ../” HTTP request. | 2017-04-07 | not yet calculated | CVE-2017-7577 MISC |
helpdezk — helpdezk | HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges. | 2017-04-05 | not yet calculated | CVE-2017-7446 MISC BID MISC |
helpdezk — helpdezk | HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code. | 2017-04-05 | not yet calculated | CVE-2017-7447 MISC MISC |
horde — horde_groupware_webmail_edition | In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address. | 2017-04-04 | not yet calculated | CVE-2017-7413 CONFIRM |
horde — horde_groupware_webmail_edition | In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user’s preferences, and has enabled the “Should PGP signed messages be automatically verified when viewed?” preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it. | 2017-04-04 | not yet calculated | CVE-2017-7414 CONFIRM |
huawei — V200R001C0_software | Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions; S7700, S9300, S9300E, S9700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions could allow remote attackers to send a special SSH packet to the VRP device to cause a denial of service. | 2017-04-02 | not yet calculated | CVE-2014-8572 CONFIRM |
huawei — cloud_engine_software | Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could allow the attacker to exploit a buffer overflow vulnerability by sending crafted packets to the affected system to cause a main control board reboot. | 2017-04-02 | not yet calculated | CVE-2016-8790 CONFIRM BID |
huawei — e3272s_software | Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack. | 2017-04-02 | not yet calculated | CVE-2015-7847 CONFIRM |
huawei — honor_software | Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege. | 2017-04-02 | not yet calculated | CVE-2016-8768 CONFIRM BID |
huawei — mate_8_software | The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366; and P9 phones with software Versions before EVA-AL10C00B190, Versions before EVA-DL10C00B190, Versions before EVA-TL10C00B190, Versions before EVA-CL10C00B190 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. | 2017-04-02 | not yet calculated | CVE-2016-8774 CONFIRM BID |
huawei — p9_software | ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from uninitialized memory. | 2017-04-02 | not yet calculated | CVE-2016-8757 CONFIRM BID |
huawei — p9_software | Huawei P9 phones with software EVA-AL10C00, EVA-CL10C00, EVA-DL10C00, EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account. | 2017-04-02 | not yet calculated | CVE-2016-8776 CONFIRM BID |
huawei — router_software | Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software V200R008C00, V200R007C00; S7700 with software V200R008C00, V200R007C00, V200R006C00; S9300 with software V200R008C00, V200R007C00, V200R006C00; and S9700 with software V200R008C00, V200R007C00, V200R006C00 allow remote attackers to send abnormal Multiprotocol Label Switching (MPLS) packets to cause memory exhaustion. | 2017-04-02 | not yet calculated | CVE-2016-8797 CONFIRM |
huawei — switch_software | Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets. | 2017-04-02 | not yet calculated | CVE-2016-8773 CONFIRM BID |
huawei — switch_software | Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege escalation. | 2017-04-02 | not yet calculated | CVE-2016-2404 CONFIRM |
huawei — utps | Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed. | 2017-04-02 | not yet calculated | CVE-2016-8769 CONFIRM MISC BID |
huawei — v200r_software | Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping. | 2017-04-02 | not yet calculated | CVE-2014-8570 CONFIRM |
ibm — atlas_policy_suite | IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3, are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000771. | 2017-04-05 | not yet calculated | CVE-2016-6100 CONFIRM BID |
ibm — cognos_analytics | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887. | 2017-04-05 | not yet calculated | CVE-2016-3031 CONFIRM BID |
ibm — cognos_analytics | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887. | 2017-04-05 | not yet calculated | CVE-2016-3015 CONFIRM BID |
ibm — tririga_document_manager | The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084. | 2017-04-05 | not yet calculated | CVE-2017-1180 CONFIRM BID |
ibootbar — dataprobe | Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie. | 2017-04-07 | not yet calculated | CVE-2007-6760 MISC |
ibootbar — dataprobe | Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie. | 2017-04-07 | not yet calculated | CVE-2007-6759 MISC |
ilias — ilias | ILIAS before 5.2.3 has XSS via SVG documents. | 2017-04-07 | not yet calculated | CVE-2017-7583 CONFIRM CONFIRM CONFIRM |
imagemagick — imagemagick | coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file. | 2017-04-05 | not yet calculated | CVE-2014-9829 MLIST CONFIRM CONFIRM |
intel — hardware_accelerated_execution_manager | Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access. | 2017-04-04 | not yet calculated | CVE-2017-5683 CONFIRM |
intel — intel_compute_stick | The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. | 2017-04-03 | not yet calculated | CVE-2017-5684 CONFIRM |
intel — next_unit_of_computing | The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow an attacker with physical access to the system to gain access to personal information. | 2017-04-03 | not yet calculated | CVE-2017-5685 BID CONFIRM |
intel — next_unit_of_computing | The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow an attacker with physical access to the system to gain access to personal information. | 2017-04-03 | not yet calculated | CVE-2017-5686 CONFIRM |
jensen_of_scandinavia — air_link | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to read passwords via a direct request to the x.asp page. | 2017-04-03 | not yet calculated | CVE-2016-10314 MISC |
jensen_of_scandinavia — air_link | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/* pages. | 2017-04-03 | not yet calculated | CVE-2016-10315 MISC |
jensen_of_scandinavia — air_link | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to /goform/formLogout. | 2017-04-03 | not yet calculated | CVE-2016-10316 MISC |
jensen_of_scandinavia — air_link | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages. | 2017-04-03 | not yet calculated | CVE-2016-10312 MISC |
jensen_of_scandinavia — air_link | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct CSRF attacks via certain /goform/* pages. | 2017-04-03 | not yet calculated | CVE-2016-10313 MISC |
lg — cistron | lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials. | 2017-04-03 | not yet calculated | CVE-2014-3930 MISC MISC |
lg — cougar | The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys. | 2017-04-03 | not yet calculated | CVE-2014-3929 MISC CONFIRM MISC |
lg — cougar | Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials. | 2017-04-03 | not yet calculated | CVE-2014-3928 MISC CONFIRM MISC |
libming — libming | Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831. | 2017-04-07 | not yet calculated | CVE-2017-7578 CONFIRM |
libsndfile — libsndfile | In libsndfile before 1.0.28, an error in the “flac_buffer_copy()” function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. | 2017-04-07 | not yet calculated | CVE-2017-7585 CONFIRM CONFIRM CONFIRM MISC |
libsndfile — libsndfile | In libsndfile before 1.0.28, an error in the “header_read()” function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. | 2017-04-07 | not yet calculated | CVE-2017-7586 CONFIRM CONFIRM CONFIRM CONFIRM |
libxslt — libxslt | In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. | 2017-04-05 | not yet calculated | CVE-2015-9019 MISC MISC |
lightdm — lightdm | In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out. | 2017-04-05 | not yet calculated | CVE-2017-7358 CONFIRM CONFIRM CONFIRM CONFIRM |
linux — linux_kernel | udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. | 2017-04-04 | not yet calculated | CVE-2016-10229 CONFIRM CONFIRM BID CONFIRM |
linux — linux_kernel | The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c. | 2017-04-04 | not yet calculated | CVE-2014-9922 CONFIRM CONFIRM BID CONFIRM |
linux — linux_kernel | The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. | 2017-04-05 | not yet calculated | CVE-2017-2671 MLIST BID CONFIRM MISC CONFIRM MISC |
linux — linux_kernel | A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service. | 2017-04-04 | not yet calculated | CVE-2016-10318 CONFIRM CONFIRM BID CONFIRM |
little_snitch — little_snitch | Little Snitch versions 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file “at.obdev.littlesnitchd.plist” which gets installed to /Library/LaunchDaemons. | 2017-04-06 | not yet calculated | CVE-2017-2675 CONFIRM |
magento — news_module | SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. | 2017-04-07 | not yet calculated | CVE-2017-7581 MISC |
mrlg4php — mrlg4php | mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | 2017-04-03 | not yet calculated | CVE-2014-3927 MISC CONFIRM MISC |
mybb — mybb | MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism. | 2017-04-06 | not yet calculated | CVE-2017-7566 BID CONFIRM CONFIRM MISC |
nextcloud — server | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the “files” app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information. | 2017-04-05 | not yet calculated | CVE-2017-0888 MISC CONFIRM |
nextcloud — server | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service. | 2017-04-05 | not yet calculated | CVE-2017-0886 MISC CONFIRM |
nextcloud — server | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header, an authenticated adversary may be able to exceed their configured user quota, thus using more space than allowed by the administrator. | 2017-04-05 | not yet calculated | CVE-2017-0887 MISC CONFIRM |
nextcloud — server | Nextcloud Server before 9.0.55 and 10.0.2 suffers from an issue allowing creation of folders in read-only folders despite lacking permissions. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for. | 2017-04-05 | not yet calculated | CVE-2017-0884 MISC CONFIRM |
nextcloud — server | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase issue on re-sharing via the OCS API. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a ‘read’ permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for. | 2017-04-05 | not yet calculated | CVE-2017-0883 MISC CONFIRM |
nextcloud — server | Nextcloud Server before 9.0.55 and 10.0.2 suffers from an error message disclosing the existence of a file in a write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages. | 2017-04-05 | not yet calculated | CVE-2017-0885 MISC CONFIRM |
nix — nixos | NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands. | 2017-04-03 | not yet calculated | CVE-2017-7412 CONFIRM CONFIRM CONFIRM |
opendaylight — opendaylight | OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to “fake LLDP injection.” | 2017-04-04 | not yet calculated | CVE-2015-1611 MISC BID CONFIRM CONFIRM CONFIRM CONFIRM |
opendaylight — opendaylight | OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka “LLDP Relay.” | 2017-04-04 | not yet calculated | CVE-2015-1612 MISC BID CONFIRM CONFIRM CONFIRM CONFIRM |
openstack — horizon | OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. | 2017-04-03 | not yet calculated | CVE-2017-7400 BID CONFIRM |
phpmyfaq — phpmyfaq | inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | 2017-04-07 | not yet calculated | CVE-2017-7579 CONFIRM CONFIRM |
pivotx — pivotx | PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. | 2017-04-07 | not yet calculated | CVE-2017-7570 MISC |
pixie — pixie | Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg. | 2017-04-03 | not yet calculated | CVE-2017-7402 MISC |
podofo — podofo | The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | 2017-04-03 | not yet calculated | CVE-2017-7380 BID MISC |
podofo — podofo | The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | 2017-04-03 | not yet calculated | CVE-2017-7383 BID MISC |
podofo — podofo | The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | 2017-04-03 | not yet calculated | CVE-2017-7382 BID MISC |
proftpd — proftpd | ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user. | 2017-04-04 | not yet calculated | CVE-2017-7418 CONFIRM BID CONFIRM CONFIRM CONFIRM |
pulp_project — pulp | Pulp before 2.3.0 uses the same certificate authority key and certificate for all installations. | 2017-04-03 | not yet calculated | CVE-2013-7450 MLIST MLIST MLIST CONFIRM CONFIRM CONFIRM |
qualcomm — qualcomm_innovation_center | The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket. | 2017-04-04 | not yet calculated | CVE-2016-5870 BID CONFIRM CONFIRM |
qualcomm — qualcomm_secure_execution_environment | The high-level operating system (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qualcomm Secure Execution Environment (QSEE) only write to legitimate memory ranges related to the QSEE secure application’s HLOS client. | 2017-04-06 | not yet calculated | CVE-2016-5349 BID CONFIRM CONFIRM CONFIRM |
radare — radare2 | The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. | 2017-04-03 | not yet calculated | CVE-2017-6194 BID CONFIRM CONFIRM |
radare — radare2 | The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. | 2017-04-03 | not yet calculated | CVE-2017-6448 BID CONFIRM CONFIRM |
riverbed — riverbed_optimization_system | Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks. | 2017-04-04 | not yet calculated | CVE-2017-5670 MISC BID MISC |
riverbed — riverbed_optimization_system | Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file. | 2017-04-04 | not yet calculated | CVE-2017-7307 MISC MISC |
rogue_wave — jviews | Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called. | 2017-04-06 | not yet calculated | CVE-2015-8965 CONFIRM |
ruby — ruby | The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression. | 2017-04-03 | not yet calculated | CVE-2017-6181 BID CONFIRM CONFIRM |
schneider_electric — conext_combox | An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot. | 2017-04-07 | not yet calculated | CVE-2017-6019 CONFIRM MISC |
schneider_electric — interactive_graphical_scada_system_software | A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path. | 2017-04-07 | not yet calculated | CVE-2017-6033 CONFIRM MISC |
schneider_electric — modicon | Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded. | 2017-04-06 | not yet calculated | CVE-2017-7575 MISC |
schneider_electric — somachine_basic | Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. | 2017-04-06 | not yet calculated | CVE-2017-7574 MISC |
sophos — cyberoam | Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5. | 2017-04-07 | not yet calculated | CVE-2016-7786 MISC |
spiceworks — spiceworks | The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file. | 2017-04-06 | not yet calculated | CVE-2017-7237 MISC MISC EXPLOIT-DB |
splunkbase — splunk_hadoop_connect_app | Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. | 2017-04-06 | not yet calculated | CVE-2017-7565 CONFIRM |
starscream — starscream | WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). | 2017-04-06 | not yet calculated | CVE-2017-7192 CONFIRM CONFIRM |
starscream — starscream | WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function). | 2017-04-06 | not yet calculated | CVE-2017-5887 CONFIRM CONFIRM |
technicolor — tc7200_firmware | Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. | 2017-04-03 | not yet calculated | CVE-2014-1677 FULLDISC EXPLOIT-DB BUGTRAQ XF MISC |
textract — textract | textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files. | 2017-04-06 | not yet calculated | CVE-2016-10320 MISC |
tool_writeout.c — tool_writeout.c | The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a ‘%’ character, which leads to a heap-based buffer over-read. | 2017-04-03 | not yet calculated | CVE-2017-7407 MISC |
trend_micro — interscan_web_security_virtual_appliance | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a ‘Reports Only’ user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that allows any authenticated, remote user (even with low privileges like ‘Auditor’) to create or modify reports, and consequently take advantage of this XSS vulnerability. The JavaScript is executed when victims visit reports or auditlog pages. | 2017-04-05 | not yet calculated | CVE-2017-6340 MISC MISC |
trend_micro — interscan_web_security_virtual_appliance | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase. | 2017-04-05 | not yet calculated | CVE-2017-6339 MISC MISC |
trend_micro — interscan_web_security_virtual_appliance | Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like ‘Reports Only’ or ‘Auditor’ to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key. | 2017-04-05 | not yet calculated | CVE-2017-6338 BID MISC MISC |
tryton — tryton | file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a “same root name but with a suffix” attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242. | 2017-04-04 | not yet calculated | CVE-2017-0360 CONFIRM CONFIRM |
vbulletin — vbulletin | In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. | 2017-04-06 | not yet calculated | CVE-2017-7569 CONFIRM |
veritas — veritas_system_recovery | In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed. | 2017-04-05 | not yet calculated | CVE-2017-7444 BID CONFIRM |
websitebaker — websitebaker | Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter. | 2017-04-03 | not yet calculated | CVE-2017-7410 CONFIRM CONFIRM |
wordpress — wordpress | The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI. | 2017-04-02 | not yet calculated | CVE-2017-1001000 MLIST MISC MISC CONFIRM MISC CONFIRM CONFIRM CONFIRM |
xen_project — xen | An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays. | 2017-04-04 | not yet calculated | CVE-2017-7228 CONFIRM BID CONFIRM MISC |
yaml — yaml | The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | 2017-04-03 | not yet calculated | CVE-2017-5950 BID MISC |
yara — yara | libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function. | 2017-04-03 | not yet calculated | CVE-2017-5923 CONFIRM CONFIRM |
yara — yara | libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function. | 2017-04-03 | not yet calculated | CVE-2016-10210 CONFIRM CONFIRM |
yara — yara | libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function. | 2017-04-03 | not yet calculated | CVE-2017-5924 CONFIRM CONFIRM |
yara — yara | libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function. | 2017-04-03 | not yet calculated | CVE-2016-10211 CONFIRM CONFIRM |
zyxel — emg2926_router_firmware | A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI. | 2017-04-06 | not yet calculated | CVE-2017-6884 EXPLOIT-DB |
Remember, these security alerts represent neither an endorsement nor condemnation of any product brand name or business or its offerings and are offered as an informational courtesy.
– SHD