SB17-093: Vulnerability Summary for the Week of March 27, 2017

Original release date: April 03, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
allwinnertech — linux-3.4-sunxi The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending “rootmydevice” to /proc/sunxi_debug/sunxi_debug. 2017-03-27 7.2 CVE-2016-10225
MLIST
MLIST
BID
CONFIRM
MISC
MISC
apache — camel Apache Camel’s Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. 2017-03-28 7.5 CVE-2016-8749
CONFIRM
BID
apache — poi Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack. 2017-03-24 7.1 CVE-2017-5644
CONFIRM
BID
artifex — mujs Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions. 2017-03-24 7.5 CVE-2016-10133
CONFIRM
MLIST
MLIST
CONFIRM
FEDORA
eviewgps — ev-07s_gps_tracker_firmware Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker’s phone number can revert the device to a factory default configuration with an SMS command, “RESET!” 2017-03-27 7.8 CVE-2017-5237
BID
MISC
gnu — gnutls Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. 2017-03-24 7.5 CVE-2017-5334
SUSE
MLIST
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
GENTOO
gnu — gnutls Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. 2017-03-24 7.5 CVE-2017-5336
SUSE
MLIST
MLIST
BID
SECTRACK
MISC
CONFIRM
CONFIRM
GENTOO
gnu — gnutls Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. 2017-03-24 7.5 CVE-2017-5337
SUSE
MLIST
MLIST
BID
SECTRACK
MISC
MISC
CONFIRM
CONFIRM
GENTOO
hesiod_project — hesiod The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the “.athena.mit.edu” default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache. 2017-03-28 10.0 CVE-2016-10152
MLIST
BID
CONFIRM
CONFIRM
huawei — ar3200_firmware Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet. 2017-03-24 10.0 CVE-2016-6206
CONFIRM
BID
huawei — mate_s_firmware The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows remote attackers to cause a denial of service (crash) via a crafted application. 2017-03-24 7.1 CVE-2015-8678
CONFIRM
imagemagick — imagemagick coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. 2017-03-24 7.5 CVE-2016-10144
MLIST
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. 2017-03-24 7.5 CVE-2016-10145
MLIST
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. 2017-03-24 7.8 CVE-2016-10146
MLIST
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache. 2017-03-24 7.8 CVE-2017-5507
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. 2017-03-24 7.5 CVE-2017-5511
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
intelliants — subrion_cms Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. 2017-03-26 7.5 CVE-2017-6013
BID
MISC
irssi — irssi The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. 2017-03-27 7.5 CVE-2017-7191
BID
CONFIRM
CONFIRM
libgit2_project — libgit2 Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet. 2017-03-24 7.5 CVE-2016-10128
SUSE
SUSE
SUSE
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device. 2017-03-28 7.2 CVE-2017-7294
BID
MISC
MISC
linux — linux_kernel The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls. 2017-03-29 7.2 CVE-2017-7308
BID
CONFIRM
microsoft — iis Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with “If: 2017-03-26 10.0 CVE-2017-7269
BID
MISC
MISC
MISC
MISC
modx — modx_revolution setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. 2017-03-30 7.5 CVE-2017-7321
BID
MISC
modx — modx_revolution setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. 2017-03-30 7.5 CVE-2017-7324
BID
MISC
moodle — moodle In Moodle 2.x and 3.x, SQL injection can occur via user preferences. 2017-03-26 7.5 CVE-2017-2641
BID
CONFIRM
openbsd — openbsd httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header. 2017-03-27 7.8 CVE-2017-5850
MLIST
MISC
FULLDISC
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
MISC
EXPLOIT-DB
putty — putty The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which triggers a buffer overflow. 2017-03-27 7.5 CVE-2017-6542
SUSE
CONFIRM
BID
CONFIRM
GENTOO
qemu — qemu Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. 2017-03-24 10.0 CVE-2015-8556
MISC
GENTOO
EXPLOIT-DB
qemu — qemu Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow. 2017-03-27 7.2 CVE-2017-5931
CONFIRM
MLIST
BID
CONFIRM
MLIST
revive-adserver — revive_adserver Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session. 2017-03-27 7.5 CVE-2016-9125
MISC
MISC
MISC
MISC
revive-adserver — revive_adserver Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim’s machine by virtually downloading a file from a trusted domain. 2017-03-27 9.3 CVE-2016-9470
MISC
MISC
solarwinds — log_and_event_manager SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. 2017-03-24 7.2 CVE-2017-5198
MISC
BID


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
amd — ryzen The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite. 2017-03-24 4.9 CVE-2017-7262
MISC
MISC
BID
MISC
MISC
artifex — mupdf Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. 2017-03-26 6.8 CVE-2017-7264
MISC
BID
MISC
brave — browser Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names. 2017-03-27 4.3 CVE-2016-9473
BID
MISC
MISC
MISC
broadcom — bcm4339_soc_firmware Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156). 2017-03-27 6.8 CVE-2017-6957
MISC
BID
MISC
call-cc — chicken The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash). 2017-03-29 5.0 CVE-2015-4556
MLIST
MLIST
MLIST
CONFIRM
canonical — ubuntu_core An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle ‘restart’ operations removing AppArmor profiles that aren’t found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what’s done by LXD and Docker, are affected by this flaw in the AppArmor init script logic. 2017-03-24 4.3 CVE-2017-6507
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
clusterlabs — pacemaker Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. 2017-03-24 5.0 CVE-2016-7797
CONFIRM
SUSE
SUSE
SUSE
REDHAT
MLIST
BID
CONFIRM
debian — debian_linux XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. 2017-03-24 5.0 CVE-2016-10149
DEBIAN
MLIST
CONFIRM
CONFIRM
MISC
CONFIRM
dotcms — dotcms dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. 2017-03-26 4.3 CVE-2017-6003
BID
MISC
eclipse — tinydtls Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a “Change cipher spec” packet without pre-handshake. 2017-03-24 5.0 CVE-2017-7243
BID
MISC
MISC
eonweb_project — eonweb EyesOfNetwork (“EON”) 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php. 2017-03-24 6.5 CVE-2017-6087
MLIST
BID
CONFIRM
eviewgps — ev-07s_gps_tracker_firmware Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field. 2017-03-27 5.0 CVE-2017-5238
BID
MISC
eviewgps — ev-07s_gps_tracker_firmware Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener. 2017-03-27 5.0 CVE-2017-5239
BID
MISC
exfat_prokect — exfat Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem. 2017-03-27 6.8 CVE-2015-8026
MLIST
BID
MISC
CONFIRM
CONFIRM
GENTOO
extraputty — extraputty The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message. 2017-03-27 5.0 CVE-2017-7183
MISC
BUGTRAQ
BID
f5 — big-ip_webaccelerator The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. 2017-03-27 5.0 CVE-2016-9252
CONFIRM
fedoraproject — fedora regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. 2017-03-24 5.0 CVE-2016-10132
CONFIRM
MLIST
MLIST
CONFIRM
FEDORA
fedoraproject — fedora The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. 2017-03-28 4.3 CVE-2016-8884
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
FEDORA
FEDORA
fedoraproject — fedora ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. 2017-03-27 6.8 CVE-2017-5330
MLIST
BID
CONFIRM
CONFIRM
FEDORA
GENTOO
firebirdsql — firebird Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a ‘system’ entrypoint from fbudf.so. 2017-03-24 6.5 CVE-2017-6369
CONFIRM
BID
fomori — cherrymusic Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the “value” parameter to “download.” 2017-03-27 4.0 CVE-2015-8309
CONFIRM
BID
CONFIRM
CONFIRM
EXPLOIT-DB
freeradius — freeradius The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet. 2017-03-27 4.3 CVE-2015-8762
CONFIRM
MLIST
freeradius — freeradius The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. 2017-03-27 6.8 CVE-2015-8763
CONFIRM
MLIST
freeradius — freeradius Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. 2017-03-27 6.8 CVE-2015-8764
CONFIRM
MLIST
getsymphony — symphony_cms Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. 2017-03-26 4.3 CVE-2017-6067
BID
MISC
gnu — bash The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. 2017-03-27 4.6 CVE-2017-5932
CONFIRM
MLIST
BID
MLIST
gnu — binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash. 2017-03-29 4.3 CVE-2017-7299
BID
CONFIRM
gnu — binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. 2017-03-29 5.0 CVE-2017-7300
BID
CONFIRM
gnu — binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash. 2017-03-29 5.0 CVE-2017-7301
BID
CONFIRM
gnu — binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash. 2017-03-29 5.0 CVE-2017-7302
BID
CONFIRM
gnu — binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash. 2017-03-29 5.0 CVE-2017-7303
BID
CONFIRM
gnu — binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash. 2017-03-29 5.0 CVE-2017-7304
BID
CONFIRM
gnu — gnutls The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. 2017-03-24 5.0 CVE-2017-5335
SUSE
MLIST
MLIST
BID
SECTRACK
MISC
CONFIRM
CONFIRM
GENTOO
go-jose_project — go-jose go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack. 2017-03-27 6.4 CVE-2016-9121
MISC
MISC
MISC
go-jose_project — go-jose go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the library might mistakenly read protected header values from an attached signature that was different from the one originally validated. 2017-03-27 5.0 CVE-2016-9122
MISC
MISC
MISC
go-jose_project — go-jose go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures. 2017-03-27 5.0 CVE-2016-9123
MISC
MISC
MISC
ibm — cognos_business_intelligence IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user’s cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718. 2017-03-27 6.5 CVE-2016-8960
CONFIRM
BID
ibm — kenexa_lcms_premier IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874. 2017-03-27 4.0 CVE-2017-1142
CONFIRM
BID
ibm — security_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359. 2017-03-27 4.3 CVE-2016-6102
CONFIRM
BID
ibm — tririga_application_platform IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563. 2017-03-27 6.5 CVE-2017-1153
CONFIRM
BID
ibm — websphere_portal IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152. 2017-03-27 4.3 CVE-2017-1120
CONFIRM
BID
imagemagick — imagemagick Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. 2017-03-24 6.8 CVE-2017-5506
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file. 2017-03-24 4.3 CVE-2017-5508
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. 2017-03-24 6.8 CVE-2017-5509
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. 2017-03-24 6.8 CVE-2017-5510
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866. 2017-03-27 4.3 CVE-2017-7275
BID
MISC
MISC
intelliants — subrion_cms Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter. 2017-03-26 6.8 CVE-2017-6002
MISC
intelliants — subrion_cms Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. 2017-03-26 6.8 CVE-2017-6066
BID
MISC
intelliants — subrion_cms Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. 2017-03-26 6.8 CVE-2017-6068
BID
MISC
intelliants — subrion_cms Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. 2017-03-26 6.8 CVE-2017-6069
BID
MISC
libgit2_project — libgit2 The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. 2017-03-24 5.0 CVE-2016-10129
SUSE
SUSE
SUSE
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
libgit2_project — libgit2 The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable. 2017-03-24 4.3 CVE-2016-10130
SUSE
SUSE
SUSE
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
libtiff — libtiff LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. 2017-03-24 4.3 CVE-2016-10266
BID
MISC
MISC
libtiff — libtiff LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. 2017-03-24 4.3 CVE-2016-10267
BID
MISC
MISC
libtiff — libtiff tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to “READ of size 78490” and libtiff/tif_unix.c:115:23. 2017-03-24 6.8 CVE-2016-10268
BID
MISC
MISC
libtiff — libtiff LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to “READ of size 512” and libtiff/tif_unix.c:340:2. 2017-03-24 6.8 CVE-2016-10269
BID
MISC
MISC
libtiff — libtiff LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to “READ of size 8” and libtiff/tif_read.c:523:22. 2017-03-24 6.8 CVE-2016-10270
BID
MISC
MISC
libtiff — libtiff tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to “READ of size 1” and libtiff/tif_fax3.c:413:13. 2017-03-24 6.8 CVE-2016-10271
BID
MISC
MISC
libtiff — libtiff LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to “WRITE of size 2048” and libtiff/tif_next.c:64:9. 2017-03-24 6.8 CVE-2016-10272
BID
MISC
MISC
linux — linux_kernel The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. 2017-03-24 4.9 CVE-2017-7261
MISC
BID
MISC
MISC
linux — linux_kernel The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel’s internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c. 2017-03-28 6.6 CVE-2017-7277
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
miele_professional — pst10_webserver An issue was discovered on Miele Professional PG 8528 PST10 devices. The corresponding embedded webserver “PST10 WebServer” typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. 2017-03-24 5.0 CVE-2017-7240
MISC
BID
modx — modx_revolution setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value. 2017-03-30 4.3 CVE-2017-7320
BID
MISC
modx — modx_revolution The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate. 2017-03-30 6.8 CVE-2017-7322
BID
MISC
modx — modx_revolution The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism. 2017-03-30 6.8 CVE-2017-7323
BID
MISC
moodle — moodle In Moodle 3.2.x, global search displays user names for unauthenticated users. 2017-03-26 5.0 CVE-2017-2643
BID
CONFIRM
moodle — moodle In Moodle 3.x, XSS can occur via evidence of prior learning. 2017-03-26 4.3 CVE-2017-2644
BID
CONFIRM
moodle — moodle In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. 2017-03-26 4.3 CVE-2017-2645
BID
CONFIRM
netflix — security_monkey Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the “next” parameter which then redirects to any domain irrespective of the Host header. 2017-03-26 5.8 CVE-2017-7266
BID
CONFIRM
CONFIRM
CONFIRM
nextcloud — nextcloud Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. 2017-03-27 5.0 CVE-2016-9460
MISC
MISC
MISC
MISC
MISC
MISC
MISC
nextcloud — nextcloud Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group. 2017-03-27 4.0 CVE-2016-9464
MISC
MISC
MISC
MISC
MISC
MISC
nextcloud — nextcloud Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. 2017-03-27 5.0 CVE-2016-9467
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
nextcloud — nextcloud Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. 2017-03-27 5.0 CVE-2016-9468
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ntp — ntp The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write. 2017-03-27 4.6 CVE-2017-6451
CONFIRM
CONFIRM
BID
SECTRACK
ntp — ntp Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. 2017-03-27 4.6 CVE-2017-6452
CONFIRM
CONFIRM
BID
SECTRACK
ntp — ntp NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. 2017-03-27 4.4 CVE-2017-6455
CONFIRM
CONFIRM
BID
SECTRACK
ntp — ntp Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. 2017-03-27 6.5 CVE-2017-6458
CONFIRM
CONFIRM
BID
SECTRACK
ntp — ntp Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers to have unspecified impact via a long flagstr variable in a restriction list response. 2017-03-27 6.5 CVE-2017-6460
CONFIRM
CONFIRM
BID
SECTRACK
ntp — ntp Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. 2017-03-27 4.6 CVE-2017-6462
CONFIRM
CONFIRM
BID
SECTRACK
ntp — ntp NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. 2017-03-27 4.0 CVE-2017-6463
CONFIRM
CONFIRM
BID
SECTRACK
ntp — ntp NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. 2017-03-27 4.0 CVE-2017-6464
CONFIRM
CONFIRM
BID
SECTRACK
nuxeo — nuxeo Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header. 2017-03-24 6.5 CVE-2017-5869
MLIST
BID
openslp — openslp The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure. 2017-03-27 5.0 CVE-2016-4912
MLIST
SECTRACK
CONFIRM
opensuse_project — leap Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. 2017-03-27 4.3 CVE-2015-8010
SUSE
MLIST
MLIST
BID
CONFIRM
owncloud — owncloud Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed. 2017-03-27 4.3 CVE-2016-9459
MISC
MISC
MISC
MISC
MISC
MISC
MISC
owncloud — owncloud Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files. 2017-03-27 4.0 CVE-2016-9461
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
owncloud — owncloud Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions. 2017-03-27 4.0 CVE-2016-9462
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
owncloud — owncloud Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you’re not affected by this vulnerability. 2017-03-27 6.8 CVE-2016-9463
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
owncloud — owncloud Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability. 2017-03-27 4.3 CVE-2016-9466
MISC
MISC
MISC
MISC
MISC
MISC
php — php PHP through 7.1.3 enables potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function. 2017-03-27 5.8 CVE-2017-7272
BID
CONFIRM
CONFIRM
potrace_project — potrace The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698. 2017-03-26 6.8 CVE-2017-7263
BID
MISC
radare — radare2 The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file. 2017-03-27 4.3 CVE-2017-7274
BID
CONFIRM
CONFIRM
revive-adserver — revive_adserver Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress. 2017-03-27 5.0 CVE-2016-9124
MISC
MISC
MISC
revive-adserver — revive_adserver Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed. 2017-03-27 6.8 CVE-2016-9127
MISC
MISC
MISC
revive-adserver — revive_adserver Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username. 2017-03-27 5.0 CVE-2016-9129
MISC
MISC
MISC
revive-adserver — revive_adserver Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver’s user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`. 2017-03-27 6.8 CVE-2016-9455
BID
MISC
MISC
MISC
revive-adserver — revive_adserver Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed. 2017-03-27 6.8 CVE-2016-9456
BID
MISC
MISC
s-nail_project — s-nail Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument. 2017-03-27 6.9 CVE-2017-5899
MLIST
MLIST
BID
MLIST
siemens — ruggedcom_rox_i Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information. 2017-03-28 4.0 CVE-2017-2686
BID
CONFIRM
siemens — ruggedcom_rox_i Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link. 2017-03-28 4.3 CVE-2017-2687
BID
CONFIRM
siemens — ruggedcom_rox_i The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF. 2017-03-28 6.8 CVE-2017-2688
BID
CONFIRM
siemens — ruggedcom_rox_i Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings. 2017-03-28 6.5 CVE-2017-2689
BID
CONFIRM
solarwinds — log_and_event_manager The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. 2017-03-24 6.5 CVE-2017-5199
MISC
BID
uclibc-ng_project — uclibc-ng The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply. 2017-03-24 5.0 CVE-2016-2224
CONFIRM
MLIST
MLIST
BID
CONFIRM
uclibc-ng_project — uclibc-ng The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet. 2017-03-24 5.0 CVE-2016-2225
CONFIRM
MLIST
MLIST
BID
CONFIRM
yii_software — yii Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen. 2017-03-27 4.3 CVE-2017-7271
BID
CONFIRM


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cmsmadesimple — cms_made_simple XSS exists in the CMS Made Simple (CMSMS) 2.1.6 “Content-->News-->Add Article” feature via the m1_title parameter. Someone must log in to conduct the attack. 2017-03-24 3.5 CVE-2017-7255
MISC
cmsmadesimple — cms_made_simple XSS exists in the CMS Made Simple (CMSMS) 2.1.6 “Content-->News-->Add Article” feature via the m1_summary parameter. Someone must log in to conduct the attack. 2017-03-24 3.5 CVE-2017-7256
MISC
BID
cmsmadesimple — cms_made_simple XSS exists in the CMS Made Simple (CMSMS) 2.1.6 “Content-->News-->Add Article” feature via the m1_content parameter. Someone must log in to conduct the attack. 2017-03-24 3.5 CVE-2017-7257
MISC
BID
f5 — big-ip_webaccelerator In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. 2017-03-27 2.1 CVE-2016-7474
BID
CONFIRM
fomori — cherrymusic Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist. 2017-03-27 3.5 CVE-2015-8310
CONFIRM
BID
CONFIRM
CONFIRM
ibm — call_center_for_commerce IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000442. 2017-03-27 3.5 CVE-2016-6056
CONFIRM
BID
ibm — kenexa_lcms_premier IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Reference #: 1998874. 2017-03-27 3.5 CVE-2017-1143
CONFIRM
BID
ibm — tririga_application_platform IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200. 2017-03-27 3.5 CVE-2016-9737
CONFIRM
BID
metinfo — metinfo Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php. 2017-03-27 3.5 CVE-2017-6878
MISC
FULLDISC
BID
miniupnp_project — minisspd The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value. 2017-03-24 2.1 CVE-2016-3178
MISC
MLIST
CONFIRM
CONFIRM
miniupnp_project — minisspd The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling. 2017-03-24 2.1 CVE-2016-3179
MISC
MLIST
CONFIRM
CONFIRM
moodle — moodle In Moodle 3.2.2+, there is XSS in the Course summary filter of the “Add a new course” page, as demonstrated by a crafted attribute of an SVG element. 2017-03-29 3.5 CVE-2017-7298
MISC
BID
netcomm — nb16wv-02_firmware Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm. 2017-03-29 3.5 CVE-2017-5900
FULLDISC
BID
nextcloud — nextcloud Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack. 2017-03-27 3.5 CVE-2016-9465
MISC
MISC
MISC
MISC
MISC
MISC
ntp — ntp The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. 2017-03-27 2.1 CVE-2017-6459
CONFIRM
CONFIRM
BID
SECTRACK
oneplus — oxygenos With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information. 2017-03-26 3.6 CVE-2017-5622
BID
MISC
qemu — qemu The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. 2017-03-27 2.1 CVE-2016-9922
CONFIRM
MLIST
BID
CONFIRM
MLIST
qemu — qemu The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. 2017-03-27 2.1 CVE-2017-5973
CONFIRM
MLIST
BID
CONFIRM
MLIST
revive-adserver — revive_adserver Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account. 2017-03-27 3.5 CVE-2016-9126
MISC
MISC
MISC
revive-adserver — revive_adserver Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL. 2017-03-27 3.5 CVE-2016-9128
MISC
MISC
MISC
MISC
revive-adserver — revive_adserver Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn’t properly escaped when displayed in the campaign-zone.php script. 2017-03-27 3.5 CVE-2016-9130
MISC
MISC
revive-adserver — revive_adserver Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn’t properly escaped when displayed in most of the banner related pages. 2017-03-27 3.5 CVE-2016-9454
BID
MISC
MISC
revive-adserver — revive_adserver Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others. 2017-03-27 3.5 CVE-2016-9457
BID
MISC
MISC
MISC
revive-adserver — revive_adserver Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren’t properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver. 2017-03-27 2.1 CVE-2016-9471
MISC
MISC
revive-adserver — revive_adserver Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective. 2017-03-27 3.5 CVE-2016-9472
MISC
MISC
MISC
siemens — ruggedcom_rox_i The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. 2017-03-28 3.5 CVE-2017-6864
BID
CONFIRM


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — acrobat_reader
 
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution. 2017-03-31 not yet calculated CVE-2017-3010
CONFIRM
adobe — acrobat_reader
 
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure. 2017-03-31 not yet calculated CVE-2017-3009
CONFIRM
apache — ambari
 
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process. 2017-03-28 not yet calculated CVE-2016-6807
BID
CONFIRM
apache — ambari
 
Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. 2017-03-29 not yet calculated CVE-2016-4976
BID
CONFIRM
apache — ambari
 
The certificate signing REST API in Apache Ambari before 2.4.0 allows remote attackers to execute arbitrary code via shell metacharacters in the agentHostname value. 2017-03-29 not yet calculated CVE-2014-3582
CONFIRM
MISC
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Phone” component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app. 2017-04-01 not yet calculated CVE-2017-2484
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “iTunes Store” component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP. 2017-04-01 not yet calculated CVE-2017-2412
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the “Profiles” component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support. 2017-04-01 not yet calculated CVE-2017-2380
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “DataAccess” component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address. 2017-04-01 not yet calculated CVE-2017-2414
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Accounts” component. It allows physically proximate attackers to discover an Apple ID by reading an iCloud authentication prompt on the lock screen. 2017-04-01 not yet calculated CVE-2017-2397
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the “Safari” component. It allows local users to identify the web-site visits that occurred in Private Browsing mode. 2017-04-01 not yet calculated CVE-2017-2384
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Siri” component. It allows physically proximate attackers to read text messages on the lock screen via unspecified vectors. 2017-04-01 not yet calculated CVE-2017-2452
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2389
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Safari Reader” component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2393
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Pasteboard” component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode). 2017-04-01 not yet calculated CVE-2017-2399
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “SafariViewController” component. It allows attackers to obtain sensitive information by leveraging the SafariViewController’s incorrect synchronization of Safari cache clearing. 2017-04-01 not yet calculated CVE-2017-2400
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Quick Look” component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016. 2017-04-01 not yet calculated CVE-2017-2404
CONFIRM
MISC
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “HomeKit” component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center. 2017-04-01 not yet calculated CVE-2017-2434
CONFIRM
apple — macos An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Printing” component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL. 2017-04-01 not yet calculated CVE-2017-2403
CONFIRM
apple — macos_server
 
An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the “Wiki Server” component. It allows remote attackers to enumerate user accounts via unspecified vectors. 2017-04-01 not yet calculated CVE-2017-2382
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “AppleGraphicsPowerManagement” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. 2017-04-01 not yet calculated CVE-2017-2421
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “QuickTime” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted media file. 2017-04-01 not yet calculated CVE-2017-2413
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “CoreMedia” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .mov file. 2017-04-01 not yet calculated CVE-2017-2431
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “IOFireWireAVC” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2436
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Multi-Touch” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2422
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. 2017-04-01 not yet calculated CVE-2017-2489
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2427
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the “System Integrity Protection” component. It allows attackers to modify the contents of a protected disk location via a crafted app. 2017-04-01 not yet calculated CVE-2017-6974
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2420
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. 2017-04-01 not yet calculated CVE-2017-2410
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “FinderKit” component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during an iCloud Sharing Send Link action. 2017-04-01 not yet calculated CVE-2017-2429
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “SecurityFoundation” component. A double free vulnerability allows remote attackers to execute arbitrary code via a crafted certificate. 2017-04-01 not yet calculated CVE-2017-2425
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “iBooks” component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file. 2017-04-01 not yet calculated CVE-2017-2426
MISC
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “sudo” component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server. 2017-04-01 not yet calculated CVE-2017-2381
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “libxslt” component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2017-04-01 not yet calculated CVE-2017-2477
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the “EFI” component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter. 2017-04-01 not yet calculated CVE-2016-7585
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “IOATAFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2408
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “IOFireWireFamily” component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2388
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the “MCX Client” component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained. 2017-04-01 not yet calculated CVE-2017-2402
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Menus” component. It allows attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2409
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2449
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “IOFireWireAVC” component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. 2017-04-01 not yet calculated CVE-2017-2437
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “AppleRAID” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2438
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Hypervisor” component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors. 2017-04-01 not yet calculated CVE-2017-2418
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2443
CONFIRM
apple — safari
 
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the “Safari Login AutoFill” component. It allows local users to obtain access to locked keychain items via unspecified vectors. 2017-04-01 not yet calculated CVE-2017-2385
CONFIRM
apple — safari
 
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the “WebKit” component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2392
CONFIRM
apple — software

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2473
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2459
CONFIRM
CONFIRM
CONFIRM
apple — software

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2470
CONFIRM
CONFIRM
CONFIRM
apple — software

An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the “APNs Server” component. It allows man-in-the-middle attackers to track users via correlation with this certificate. 2017-04-01 not yet calculated CVE-2017-2383
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Audio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. 2017-04-01 not yet calculated CVE-2017-2462
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2457
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2463
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2466
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2464
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2465
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Keyboards” component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app. 2017-04-01 not yet calculated CVE-2017-2458
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “ImageIO” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. 2017-04-01 not yet calculated CVE-2017-2467
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code by leveraging an unspecified “type confusion.” 2017-04-01 not yet calculated CVE-2017-2415
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2469
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. 2017-04-01 not yet calculated CVE-2017-2478
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2468
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2460
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app. 2017-04-01 not yet calculated CVE-2017-2482
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “CoreText” component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message. 2017-04-01 not yet calculated CVE-2017-2461
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2479
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “FontParser” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. 2017-04-01 not yet calculated CVE-2017-2406
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2395
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2386
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the “libarchive” component. It allows local users to change arbitrary directory permissions via unspecified vectors. 2017-04-01 not yet calculated CVE-2017-2390
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “FontParser” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. 2017-04-01 not yet calculated CVE-2017-2407
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2396
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2480
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the “Export” component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4. 2017-04-01 not yet calculated CVE-2017-2391
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Carbon” component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted .dfont file. 2017-04-01 not yet calculated CVE-2017-2379
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2367
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the “WebKit” component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions. 2017-04-01 not yet calculated CVE-2017-2378
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2398
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit Web Inspector” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2405
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit Web Inspector” component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state. 2017-04-01 not yet calculated CVE-2017-2377
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2401
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page. 2017-04-01 not yet calculated CVE-2017-2376
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit JavaScript Bindings” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2442
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2394
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Security” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2451
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “FontParser” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. 2017-04-01 not yet calculated CVE-2017-2487
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2453
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “libc++abi” component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted C++ app that is mishandled during demangling. 2017-04-01 not yet calculated CVE-2017-2441
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2440
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the “WebKit” component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2424
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the “Security” component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature. 2017-04-01 not yet calculated CVE-2017-2423
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2454
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to spoof the address bar via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2486
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2490
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2447
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. 2017-04-01 not yet calculated CVE-2017-2446
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects. 2017-04-01 not yet calculated CVE-2017-2445
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “CoreGraphics” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2444
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “CoreText” component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. 2017-04-01 not yet calculated CVE-2017-2450
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the “Keychain” component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets. 2017-04-01 not yet calculated CVE-2017-2448
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors. 2017-04-01 not yet calculated CVE-2017-2419
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “CoreGraphics” component. It allows remote attackers to cause a denial of service (infinite recursion) via a crafted image. 2017-04-01 not yet calculated CVE-2017-2417
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. 2017-04-01 not yet calculated CVE-2017-2472
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app. 2017-04-01 not yet calculated CVE-2017-2474
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app. 2017-04-01 not yet calculated CVE-2017-2483
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the “WebKit” component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2471
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Security” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted X.509 certificate file. 2017-04-01 not yet calculated CVE-2017-2485
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2476
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site. 2017-04-01 not yet calculated CVE-2017-2475
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. 2017-04-01 not yet calculated CVE-2017-2456
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2455
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Audio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. 2017-04-01 not yet calculated CVE-2017-2430
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the “HTTPProtocol” component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors. 2017-04-01 not yet calculated CVE-2017-2428
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “ImageIO” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file. 2017-04-01 not yet calculated CVE-2017-2416
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “FontParser” component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. 2017-04-01 not yet calculated CVE-2017-2439
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “CoreText” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. 2017-04-01 not yet calculated CVE-2017-2435
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “ImageIO” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. 2017-04-01 not yet calculated CVE-2017-2432
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2433
CONFIRM
CONFIRM
apple — software
 
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-04-01 not yet calculated CVE-2017-2481
MISC
CONFIRM
CONFIRM
CONFIRM
auromeera — emli_portal
 
An HTTP exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an attacker to view restricted information or (even more seriously) execute powerful commands on the web server, which can lead to a full compromise of the system, via directory path traversal, as demonstrated by reading core-emli/Storage. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0. 2017-03-29 not yet calculated CVE-2017-7258
MISC
bubblewrap — bubblewrap
 
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal’s input buffer, allowing an attacker to escape the sandbox. 2017-03-29 not yet calculated CVE-2017-5226
CONFIRM
CONFIRM
CONFIRM
ceragon — fibeair

In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. 2017-03-30 not yet calculated CVE-2016-10309
MISC
citymont_symetrie — citymont_symetrie
 
citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). 2017-03-31 not yet calculated CVE-2017-7386
CONFIRM
dahua — ip_camera
 
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Log in to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a “Component error: login challenge!” message. The second JSON object encountered has a result indicating a successful admin login. 2017-03-30 not yet calculated CVE-2017-7253
MISC
emc — isilon_onefs
 
EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 – 7.1.1.10, 7.2.0 – 7.2.1.3, and 8.0.0 – 8.0.0.1. 2017-03-29 not yet calculated CVE-2017-4980
CONFIRM
BID
emc — rsa_archer_security_operations_management
 
EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system. 2017-03-29 not yet calculated CVE-2017-4977
CONFIRM
BID
fortinet — fortigate
 
Long-lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate’s IPS engine is configured in flow mode. FortiGate versions with IPS configured in proxy mode (the default mode) are not affected. 2017-03-30 not yet calculated CVE-2016-7541
CONFIRM
BID
fortinet — fortios
 
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators’ password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. 2017-03-30 not yet calculated CVE-2016-7542
CONFIRM
BID
gitlab — gitlab
 
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1, 8.14.2, and 8.14.2-ee. 2017-03-27 not yet calculated CVE-2016-9469
MISC
MISC
MISC
MISC
MISC
MISC
gitlab — gitlab
 
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC. 2017-03-27 not yet calculated CVE-2017-0882
BID
MISC
MISC
MISC
MISC
MISC
hak5 — wifi-pineapple
 
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. 2017-03-31 not yet calculated CVE-2015-4624
MISC
MISC
BUGTRAQ
EXPLOIT-DB
hkdf — hkdf
 
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. 2017-03-27 not yet calculated CVE-2016-9243
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA
honeywell — intermec
 
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file. 2017-03-29 not yet calculated CVE-2017-5671
CONFIRM
BID
MISC
CONFIRM
ibm — algorithmics_one-algo_risk_application
 
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892. 2017-03-31 not yet calculated CVE-2017-1154
CONFIRM
ibm — curam_social_program_manager
 
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833. 2017-03-31 not yet calculated CVE-2016-6111
CONFIRM
ibm — inotes
 
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824. 2017-03-31 not yet calculated CVE-2016-9990
CONFIRM
ibm — jazz_foundation
 
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. 2017-03-31 not yet calculated CVE-2016-9707
CONFIRM
ibm — kenexa
 
IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483. 2017-03-31 not yet calculated CVE-2016-8935
CONFIRM
ibm — rational_quality_manager
 
IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784. 2017-03-31 not yet calculated CVE-2016-6036
CONFIRM
ibm — rational_quality_manager
 
IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784. 2017-03-31 not yet calculated CVE-2016-6031
CONFIRM
ibm — rational_quality_manager
 
IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784. 2017-03-31 not yet calculated CVE-2016-6022
CONFIRM
ibm — sterling_order_management
 
IBM Sterling Order Management 9.2 – 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943. 2017-03-31 not yet calculated CVE-2016-8917
CONFIRM
ibm — tririga
 
The IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083. 2017-03-31 not yet calculated CVE-2017-1171
CONFIRM
illumos — illumos
 
illumos smbsrv NULL pointer dereference allows system crash. 2017-03-31 not yet calculated CVE-2016-6561
CONFIRM
CONFIRM
CONFIRM
illumos — illumos
 
illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. 2017-03-31 not yet calculated CVE-2016-6560
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. 2017-03-30 not yet calculated CVE-2014-9821
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to “too many object.” 2017-03-30 not yet calculated CVE-2014-9804
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file. 2017-03-30 not yet calculated CVE-2014-9812
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. 2017-03-30 not yet calculated CVE-2014-9805
MLIST
MLIST
CONFIRM
imagemagick — imagemagick
 
ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. 2017-03-30 not yet calculated CVE-2014-9806
MLIST
MLIST
CONFIRM
imagemagick — imagemagick
 
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. 2017-03-30 not yet calculated CVE-2014-9809
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. 2017-03-30 not yet calculated CVE-2014-9820
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. 2017-03-30 not yet calculated CVE-2014-9810
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. 2017-03-30 not yet calculated CVE-2014-9808
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823. 2017-03-30 not yet calculated CVE-2014-9819
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. 2017-03-30 not yet calculated CVE-2014-9807
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file. 2017-03-30 not yet calculated CVE-2014-9817
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files. 2017-03-30 not yet calculated CVE-2014-9826
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819. 2017-03-30 not yet calculated CVE-2014-9823
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. 2017-03-30 not yet calculated CVE-2014-9813
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. 2017-03-30 not yet calculated CVE-2014-9811
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824. 2017-03-30 not yet calculated CVE-2014-9825
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file. 2017-03-30 not yet calculated CVE-2014-9814
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. 2017-03-30 not yet calculated CVE-2014-9816
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825. 2017-03-30 not yet calculated CVE-2014-9824
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. 2017-03-30 not yet calculated CVE-2014-9818
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file. 2017-03-30 not yet calculated CVE-2014-9822
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. 2017-03-30 not yet calculated CVE-2014-9815
MLIST
MLIST
CONFIRM
CONFIRM
intel_security — anti-virus_engine
 
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. 2017-03-28 not yet calculated CVE-2016-8031
BID
CONFIRM
intel_security — anti-virus_engine
 
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. 2017-03-31 not yet calculated CVE-2016-8032
CONFIRM
jensen_of_scandinavia — air_link
 
Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary code or crash the web service via the (1) ateFunc, (2) ateGain, (3) ateTxCount, (4) ateChan, (5) ateRate, (6) ateMacID, (7) e2pTxPower1, (8) e2pTxPower2, (9) e2pTxPower3, (10) e2pTxPower4, (11) e2pTxPower5, (12) e2pTxPower6, (13) e2pTxPower7, (14) e2pTx2Power1, (15) e2pTx2Power2, (16) e2pTx2Power3, (17) e2pTx2Power4, (18) e2pTx2Power5, (19) e2pTx2Power6, (20) e2pTx2Power7, (21) ateTxFreqOffset, (22) ateMode, (23) ateBW, (24) ateAntenna, (25) e2pTxFreqOffset, (26) e2pTxPwDeltaB, (27) e2pTxPwDeltaG, (28) e2pTxPwDeltaMix, (29) e2pTxPwDeltaN, and (30) readE2P parameters of the /goform/formWlanMP endpoint. 2017-03-26 not yet calculated CVE-2016-10273
MISC
linux — linux_kernel
 
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. 2017-03-31 not yet calculated CVE-2014-9114
FEDORA
FEDORA
SUSE
MLIST
BID
XF
CONFIRM
CONFIRM
GENTOO
linux — linux_kernel
 
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely. 2017-03-31 not yet calculated CVE-2017-7374
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. 2017-03-31 not yet calculated CVE-2017-2647
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. 2017-03-30 not yet calculated CVE-2017-7346
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. 2017-03-27 not yet calculated CVE-2017-7273
CONFIRM
CONFIRM
BID
CONFIRM
magmi — magmi
 
A Cross-Site Scripting (XSS) vulnerability was discovered in ‘Magmi 0.7.22’. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the ‘magmi-git-master/magmi/web/ajax_gettime.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-03-31 not yet calculated CVE-2017-7391
CONFIRM
CONFIRM
mantisbt — configuration_report
 
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted ‘config_option’ parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3. 2017-03-31 not yet calculated CVE-2017-7309
CONFIRM
CONFIRM
BID
mantisbt — configuration_report
 
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted ‘action’ parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2. 2017-03-31 not yet calculated CVE-2017-6973
CONFIRM
CONFIRM
BID
mantisbt — move_attachments
 
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted ‘type’ parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the “Post-installation and upgrade tasks” of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page. 2017-03-31 not yet calculated CVE-2017-7241
CONFIRM
CONFIRM
BID
mikrotik — mikrotik
 
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections. 2017-03-29 not yet calculated CVE-2017-7285
MISC
EXPLOIT-DB
multi-router_looking_glass — multi-router_looking_glass
 
fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption. 2017-03-31 not yet calculated CVE-2014-3931
CONFIRM
MISC
MISC
mxit — mxit
 
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. 2017-03-29 not yet calculated CVE-2016-2379
BID
MISC
CONFIRM
GENTOO
nagios — nagios
 
Cross-site scripting (XSS) vulnerability in Nagios. 2017-03-31 not yet calculated CVE-2016-6209
FULLDISC
CONFIRM
national_instruments — labview_2016
 
An exploitable memory corruption vulnerability exists in the LvVarientUnflatten functionality of LabVIEW 2016 version 16.0.0.49152. A specially crafted VI file can cause a user-controlled value to be used as a loop terminator, resulting in internal heap corruption. An attacker-controlled VI file can be used to trigger this vulnerability; exploitation could lead to remote code execution. 2017-03-31 not yet calculated CVE-2017-2775
MISC
netiq — sentinel_server
 
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). 2017-03-30 not yet calculated CVE-2017-5184
CONFIRM
netiq — sentinel_server
 
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. 2017-03-30 not yet calculated CVE-2017-5185
CONFIRM
oci-register-machine — oci-register-machine
 
The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command. 2017-03-29 not yet calculated CVE-2016-6349
MLIST
MLIST
BID
CONFIRM
CONFIRM
open-exchange — appsuite
 
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML. 2017-03-29 not yet calculated CVE-2016-6846
CONFIRM
BID
CONFIRM
CONFIRM
open_eclass — open_eclass
 
Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in ‘openeclass Release_3.5.4’. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the ‘openeclass-master/modules/tc/webconf/webconf.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-03-31 not yet calculated CVE-2017-7389
CONFIRM
openstack — glance
 
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. 2017-03-29 not yet calculated CVE-2015-8234
MLIST
MISC
CONFIRM
pixie — pixie
 
Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. 2017-03-31 not yet calculated CVE-2017-7359
MISC
pixie — pixie
 
Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. 2017-03-31 not yet calculated CVE-2017-7360
MISC
pixie — pixie
 
Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. 2017-03-31 not yet calculated CVE-2017-7362
MISC
pixie — pixie
 
Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. 2017-03-31 not yet calculated CVE-2017-7363
MISC
pixie — pixie
 
Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. 2017-03-31 not yet calculated CVE-2017-7361
MISC
rancher_labs — rancher_server
 
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3. 2017-03-28 not yet calculated CVE-2017-7297
BID
CONFIRM
ruby — ruby
 
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. 2017-03-29 not yet calculated CVE-2009-5147
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
samsung — galaxy
 
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. 2017-03-27 not yet calculated CVE-2015-0863
MISC
samsung — samsung_account
 
Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. 2017-03-27 not yet calculated CVE-2015-0864
BID
MISC
siklu — etherhaul
 
Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication. 2017-03-30 not yet calculated CVE-2017-7318
MISC
BID
siklu — etherhaul
 
Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device’s web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. 2017-03-30 not yet calculated CVE-2016-10308
MISC
BID
snoopy — snoopy
 
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796. 2017-03-31 not yet calculated CVE-2008-7313
CONFIRM
MLIST
MLIST
MLIST
BID
CONFIRM
XF
REDHAT
REDHAT
REDHAT
REDHAT
GENTOO
MISC
snoopy — snoopy
 
Snoopy allows remote attackers to execute arbitrary commands. 2017-03-31 not yet calculated CVE-2014-5008
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
DEBIAN
MLIST
MLIST
MLIST
BID
CONFIRM
MISC
snoopy — snoopy
 
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. 2017-03-31 not yet calculated CVE-2014-5009
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
MLIST
MLIST
BID
XF
CONFIRM
MISC
MISC
socialnetwork — socialnetwork
 
A Cross-Site Scripting (XSS) vulnerability was discovered in ‘SocialNetwork v1.2.1’. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the ‘SocialNetwork-andrea/app/template/pw_forgot.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-03-31 not yet calculated CVE-2017-7390
CONFIRM
sophos — sophos_web_appliance
 
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. 2017-03-30 not yet calculated CVE-2017-6412
CONFIRM
CONFIRM
sophos — sophos_web_appliance
 
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine’s configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. 2017-03-30 not yet calculated CVE-2017-6183
CONFIRM
CONFIRM
sophos — sophos_web_appliance
 
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine’s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. 2017-03-30 not yet calculated CVE-2017-6182
CONFIRM
CONFIRM
sophos — sophos_web_appliance
 
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine’s interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. 2017-03-30 not yet calculated CVE-2017-6184
CONFIRM
CONFIRM
sync_breeze — enterprise_client
 
A buffer overflow vulnerability in Import Command in Sync Breeze Enterprise Client 9.5.16, Disk Sorter Enterprise Client 9.5.12, and DiskBoss Enterprise Client 7.8.16 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element. 2017-03-29 not yet calculated CVE-2017-7310
BID
EXPLOIT-DB
EXPLOIT-DB
EXPLOIT-DB
thefirstquestion_helpmewatchwho — thefirstquestion_helpmewatchwho
 
TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter). 2017-03-31 not yet calculated CVE-2017-7387
CONFIRM
tigervnc — tigervnc
 
In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. 2017-03-31 not yet calculated CVE-2017-7392
CONFIRM
tigervnc — tigervnc
 
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. 2017-03-31 not yet calculated CVE-2017-7393
CONFIRM
tigervnc — tigervnc
 
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. 2017-03-31 not yet calculated CVE-2017-7395
CONFIRM
CONFIRM
tigervnc — tigervnc
 
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. 2017-03-31 not yet calculated CVE-2017-7396
CONFIRM
CONFIRM
tigervnc — tigervnc
 
In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. 2017-03-31 not yet calculated CVE-2017-7394
CONFIRM
trango — altum_ac600
 
Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. 2017-03-30 not yet calculated CVE-2016-10306
MISC
MISC
BID
trango — trango
 
Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. 2017-03-30 not yet calculated CVE-2016-10305
MISC
trango — trango
 
Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. 2017-03-30 not yet calculated CVE-2016-10307
MISC
BID
trend_micro — enterprise_mobile_security_android_applicaton
 
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. 2017-03-30 not yet calculated CVE-2016-9319
MISC
CONFIRM
ubuntu — dmcrypt-get-device

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS. 2017-03-27 not yet calculated CVE-2017-6964
BID
CONFIRM
CONFIRM
vlc — vlc
 
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. 2017-03-28 not yet calculated CVE-2014-6440
MISC
MLIST
BID
MISC
GENTOO
wallacepos — wallacepos
 
A Cross-Site Scripting (XSS) vulnerability was discovered in ‘wallacepos v1.4.1’. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the ‘wallacepos-master/myaccount/resetpassword.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-03-31 not yet calculated CVE-2017-7388
CONFIRM
xoops — xoops
 
SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses “into outfile” to create a backdoor program. 2017-03-30 not yet calculated CVE-2017-7290
BID
MISC
zimbra — zimbra_collaboration_suite
 
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. 2017-03-29 not yet calculated CVE-2016-9924
BID
CONFIRM
zulip — zulip
 
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server. 2017-03-27 not yet calculated CVE-2017-0881
BID
MISC
MISC



This product is provided subject to this Notification and this Privacy & Use policy.
