SB17-114: Vulnerability Summary for the Week of April 17, 2017

Original release date: April 24, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — tomcat In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. 2017-04-17 7.5 CVE-2017-5651
BID
CONFIRM
MLIST
apache — traffic_server Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. 2017-04-17 7.8 CVE-2016-5396
CONFIRM
canonical — ubuntu_linux The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup. 2017-04-14 7.2 CVE-2016-0727
MISC
BID
SECTRACK
UBUNTU
CONFIRM
CONFIRM
ffmpeg — ffmpeg FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. 2017-04-14 7.5 CVE-2017-7859
BID
MISC
ffmpeg — ffmpeg FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. 2017-04-14 7.5 CVE-2017-7862
BID
MISC
MISC
ffmpeg — ffmpeg FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. 2017-04-14 7.5 CVE-2017-7863
BID
MISC
MISC
ffmpeg — ffmpeg FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. 2017-04-14 7.5 CVE-2017-7865
BID
MISC
MISC
ffmpeg — ffmpeg FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. 2017-04-14 7.5 CVE-2017-7866
BID
MISC
MISC
flatcore — flatcore-cms SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. 2017-04-14 7.5 CVE-2017-7878
CONFIRM
freetype — freetype2 FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. 2017-04-14 7.5 CVE-2016-10328
MISC
MISC
BID
MISC
freetype — freetype2 FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. 2017-04-14 7.5 CVE-2017-7857
MISC
BID
MISC
freetype — freetype2 FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. 2017-04-14 7.5 CVE-2017-7858
MISC
BID
MISC
freetype — freetype2 FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. 2017-04-14 7.5 CVE-2017-7864
MISC
BID
MISC
google — android Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices. 2017-04-17 10.0 CVE-2016-6726
BID
CONFIRM
grpc — grpc Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c. 2017-04-14 7.5 CVE-2017-7860
BID
MISC
MISC
grpc — grpc Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. 2017-04-14 7.5 CVE-2017-7861
BID
MISC
MISC
ibm — spectrum_lsf IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. 2017-04-14 7.2 CVE-2017-1205
MISC
BID
libreoffice — libreoffice LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. 2017-04-14 7.5 CVE-2016-10327
BID
MISC
MISC
libreoffice — libreoffice LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. 2017-04-14 7.5 CVE-2017-7856
BID
MISC
MISC
libreoffice — libreoffice LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. 2017-04-14 7.5 CVE-2017-7870
BID
MISC
MISC
libreoffice — libreoffice LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. 2017-04-15 7.5 CVE-2017-7882
BID
MISC
MISC
linux — linux_kernel The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. 2017-04-18 7.8 CVE-2017-7645
MISC
MISC
linux — linux_kernel The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. 2017-04-16 7.2 CVE-2017-7889
MISC
MISC
BID
MISC
proxifier — proxifier_for_mac Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program. 2017-04-14 7.2 CVE-2017-7643
FULLDISC
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — tomcat A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. 2017-04-17 5.0 CVE-2017-5647
MLIST
apache — tomcat While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. 2017-04-17 6.4 CVE-2017-5648
BID
MLIST
apache — tomcat In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads. 2017-04-17 5.0 CVE-2017-5650
BID
MLIST
apache — traffic_server Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. 2017-04-17 5.0 CVE-2017-5659
CONFIRM
artifex — ghostscript The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. 2017-04-14 6.8 CVE-2016-8602
CONFIRM
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
bigtreecms — bigtree_cms BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14. 2017-04-15 6.8 CVE-2017-7881
MISC
bitrix_project — bitrix Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php. 2017-04-14 6.0 CVE-2015-8356
MISC
BUGTRAQ
BID
MISC
cybozu — office The “Project” function in Cybozu 9.0.0 through 10.4.0 allows remote authenticated users to read closed project information. 2017-04-17 4.0 CVE-2016-4867
JVN
JVNDB
BID
CONFIRM
cybozu — office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject arbitrary email headers. 2017-04-17 4.3 CVE-2016-4868
JVN
JVNDB
BID
CONFIRM
cybozu — office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain session information from users. 2017-04-17 4.3 CVE-2016-4869
JVN
JVNDB
BID
CONFIRM
cybozu — office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. 2017-04-17 6.8 CVE-2016-4871
JVN
JVNDB
BID
CONFIRM
cybozu — office The “breadcrumb trail” component in Cybozu Office 9.0.0 through 10.4.0 allows remote authenticated users to read the names of closed projects. 2017-04-17 4.0 CVE-2016-4872
JVN
JVNDB
BID
CONFIRM
cybozu — office The “Project” function in Cybozu Office 9.0.0 through 10.4.0 does not properly check access permissions, which allows remote authenticated users to alter project information. 2017-04-17 4.0 CVE-2016-4873
JVN
JVNDB
BID
CONFIRM
databox_project — databox_plugin Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-14 4.3 CVE-2016-4875
JVN
JVNDB
BID
CONFIRM
CONFIRM
flatcore — flatcore-cms CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. 2017-04-14 6.8 CVE-2017-7877
BID
CONFIRM
flatcore — flatcore-cms SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. 2017-04-14 5.0 CVE-2017-7879
CONFIRM
ibm — cognos_business_intelligence IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612. 2017-04-17 5.0 CVE-2016-3036
CONFIRM
BID
ibm — financial_transaction_manager IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293. 2017-04-14 4.0 CVE-2017-1152
CONFIRM
ibm — marketing_platform IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236. 2017-04-17 4.9 CVE-2016-0228
CONFIRM
BID
ibm — tivoli_application_dependency_discovery_manager IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538. 2017-04-14 6.8 CVE-2016-8925
CONFIRM
BID
ibm — tivoli_application_dependency_discovery_manager IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539. 2017-04-14 4.0 CVE-2016-8926
CONFIRM
imagemagick — imagemagick coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. 2017-04-19 4.3 CVE-2014-9907
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. 2017-04-18 4.3 CVE-2017-7941
BID
CONFIRM
imagemagick — imagemagick The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. 2017-04-18 4.3 CVE-2017-7942
BID
CONFIRM
imagemagick — imagemagick The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. 2017-04-18 4.3 CVE-2017-7943
CONFIRM
mantisbt — mantisbt MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. 2017-04-16 6.5 CVE-2017-7615
MISC
MISC
BID
CONFIRM
mongodb — mongodb mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. 2017-04-14 5.0 CVE-2016-3104
BID
CONFIRM
CONFIRM
moxa — mxview Moxa MXView 2.8 allows remote attackers to read web server’s private key file, no access control. 2017-04-14 5.0 CVE-2017-7455
MISC
MISC
FULLDISC
moxa — mxview Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials. 2017-04-14 5.0 CVE-2017-7456
MISC
FULLDISC
palo_alto_networks — traps Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. 2017-04-14 5.0 CVE-2017-7408
BID
CONFIRM
CONFIRM
paloaltonetworks — pan-os The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters. 2017-04-14 4.0 CVE-2017-7217
BID
CONFIRM
paloaltonetworks — pan-os The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters. 2017-04-14 4.6 CVE-2017-7218
BID
CONFIRM
radare — radare2 The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file. 2017-04-18 4.3 CVE-2017-7946
CONFIRM
CONFIRM
sap — netweaver SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. 2017-04-14 6.5 CVE-2017-7717
BID
MISC
symantec — messaging_gateway Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. 2017-04-14 4.0 CVE-2016-5312
MISC
FULLDISC
BID
SECTRACK
CONFIRM
EXPLOIT-DB
wolfcms — wolf_cms Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter “filename” properly. Exploitation requires a registered user who has access to upload functionality. 2017-04-14 6.5 CVE-2015-6567
MISC
MISC
MISC
CONFIRM
CONFIRM
wolfcms — wolf_cms Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to “.php” after originally using the parameter “filename” for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality. 2017-04-14 6.5 CVE-2015-6568
MISC
MISC
MISC
CONFIRM
CONFIRM
zohocorp — servicedesk_plus ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions. 2017-04-14 6.5 CVE-2016-4889
JVN
JVNDB
BID
zohocorp — servicedesk_plus ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie. 2017-04-14 5.0 CVE-2016-4890
JVN
JVNDB
BID


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cybozu — office Cross-site scripting (XSS) vulnerability in the “Customapp” function in Cybozu Office 9.0.0 through 10.4.0. 2017-04-17 3.5 CVE-2016-4865
JVN
JVNDB
BID
CONFIRM
cybozu — office Cross-site scripting (XSS) vulnerability in the “Project” function in Cybozu Office 9.0.0 through 10.4.0. 2017-04-17 3.5 CVE-2016-4866
JVN
JVNDB
BID
CONFIRM
cybozu — office Cross-site scripting (XSS) vulnerability in “Schedule” function in Cybozu Office 9.0.0 through 10.4.0. 2017-04-17 3.5 CVE-2016-4870
JVN
JVNDB
BID
CONFIRM
cybozu — office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a “reflected file download” attack. 2017-04-17 3.5 CVE-2016-4874
JVN
JVNDB
BID
CONFIRM
ibm — cognos_business_intelligence IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim’s password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613. 2017-04-17 3.5 CVE-2016-3037
CONFIRM
BID
ibm — cognos_business_intelligence IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614. 2017-04-17 3.5 CVE-2016-3038
CONFIRM
BID
ibm — tivoli_application_dependency_discovery_manager IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540. 2017-04-14 3.5 CVE-2016-8927
CONFIRM
BID
moxa — mx-aopc_server XML External Entity via “.AOP” files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. 2017-04-14 1.9 CVE-2017-7457
MISC
FULLDISC
zohocorp — servicedesk_plus Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-14 3.5 CVE-2016-4888
JVN
JVNDB
BID
zurmo — zurmo_crm Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. 2017-04-14 3.5 CVE-2017-7188
BID
MISC
MISC


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
105_bank — 105_bank_app
The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-04-21 not yet calculated CVE-2016-1210
JVN
JVNDB
akerun — smart_lock_robot_app
Akerun – Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-1148
JVN
JVNDB
CONFIRM
apache — batik
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server – including confidential or sensitive files – would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. 2017-04-18 not yet calculated CVE-2017-5662
CONFIRM
apache — cxf
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. 2017-04-18 not yet calculated CVE-2017-5653
CONFIRM
apache — cxf
Apache CXF’s STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user. 2017-04-18 not yet calculated CVE-2017-5656
CONFIRM
apache — fop
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server – including confidential or sensitive files – would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. 2017-04-18 not yet calculated CVE-2017-5661
CONFIRM
apache — log4j
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. 2017-04-17 not yet calculated CVE-2017-5645
BID
CONFIRM
apple — operating_systems
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-04-20 not yet calculated CVE-2016-4650
BID
MISC
CONFIRM
CONFIRM
CONFIRM
arm_holdings — mbed_TLS
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications. 2017-04-20 not yet calculated CVE-2017-2784
MISC
CONFIRM
artifex — artifex
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file. 2017-04-16 not yet calculated CVE-2017-7885
MISC
artifex — ghostscript
Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. 2017-04-19 not yet calculated CVE-2017-7948
CONFIRM
CONFIRM
artifex — jbig2dec
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. 2017-04-19 not yet calculated CVE-2017-7975
MISC
artifex — jbig2dec
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory. 2017-04-19 not yet calculated CVE-2017-7976
MISC
asterisk — asterisk
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). 2017-04-17 not yet calculated CVE-2016-7551
CONFIRM
DEBIAN
MISC
CONFIRM
MISC
axis_communications — network_cameras
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. 2017-04-17 not yet calculated CVE-2015-8256
MISC
BID
EXPLOIT-DB
blackberry — blackberry
The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. 2017-04-21 not yet calculated CVE-2016-2433
CONFIRM
c/c++ — c/c++
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. 2017-04-14 not yet calculated CVE-2017-7868
MISC
BID
MISC
c/c++ — c/c++
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. 2017-04-14 not yet calculated CVE-2017-7867
MISC
BID
MISC
cisco — adaptive_security_appliance_software A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device’s local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information. Note: Only traffic directed to the affected device can be used to exploit this vulnerability. This vulnerability affects Cisco ASA Software configured in routed or transparent firewall mode and single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.12) 9.2(4.18) 9.4(3.12) 9.5(3.2) 9.6(2.2). Cisco Bug IDs: CSCvb40898. 2017-04-20 not yet calculated CVE-2017-6607
BID
CONFIRM
cisco — adaptive_security_appliance_software
A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition. Cisco Bug IDs: CSCvb46321. 2017-04-20 not yet calculated CVE-2017-3793
BID
CONFIRM
cisco — adaptive_security_appliance_software
A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid IKEv1 Phase 1 needs to be established to exploit this vulnerability, which means that an attacker would need to have knowledge of a pre-shared key or have a valid certificate for phase 1 authentication. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.7) 9.2(4.11) 9.4(4) 9.5(3) 9.6(1.5). Cisco Bug IDs: CSCuz11685. 2017-04-20 not yet calculated CVE-2017-6610
BID
CONFIRM
cisco — adaptive_security_appliance_software
 
A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is needed to exploit this vulnerability. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 8.4(7.31) 9.0(4.39) 9.1(7) 9.2(4.6) 9.3(3.8) 9.4(2) 9.5(2). Cisco Bug IDs: CSCuv48243. 2017-04-20 not yet calculated CVE-2017-6608
BID
CONFIRM
cisco — adaptive_security_appliance_software
 
A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. An attacker needs to establish a valid IPsec tunnel before exploiting this vulnerability. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.8) 9.2(4.15) 9.4(4) 9.5(3.2) 9.6(2). Cisco Bug IDs: CSCun16158. 2017-04-20 not yet calculated CVE-2017-6609
BID
CONFIRM
cisco — findit_network_probe_software
 
A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control (RBAC) for file-download requests that are sent to the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to download and view any system file by using the affected software. Cisco Bug IDs: CSCvd11628. 2017-04-20 not yet calculated CVE-2017-6614
BID
CONFIRM
cisco — firepower_system_software
 
A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability affects Cisco Firepower System Software that has one or more file action policies configured and is running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services; Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls; Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances; Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances; Firepower 4100 Series Security Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Series Security Appliances; FirePOWER Threat Defense for Integrated Services Routers (ISRs); Industrial Security Appliance 3000; Sourcefire 3D System Appliances; Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Fixed versions: 5.4.0.10 5.4.1.9 6.0.1.3 6.1.0 6.2.0. Cisco Bug IDs: CSCuz00876. 2017-04-20 not yet calculated CVE-2016-6368
BID
CONFIRM
cisco — integrated_management_controller
 
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578. 2017-04-20 not yet calculated CVE-2017-6616
BID
CONFIRM
cisco — integrated_management_controller
 
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591. 2017-04-20 not yet calculated CVE-2017-6619
BID
CONFIRM
cisco — integrated_management_controller
 
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user’s browser session on the affected system. Cisco Bug IDs: CSCvd14583. 2017-04-20 not yet calculated CVE-2017-6617
BID
CONFIRM
cisco — integrated_management_controller
 
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system. Cisco Bug IDs: CSCvd14587. 2017-04-20 not yet calculated CVE-2017-6618
BID
CONFIRM
cisco — ios_ios_xe

 

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCut47751. 2017-04-20 not yet calculated CVE-2017-3861
BID
CONFIRM
cisco — ios_ios_xe
 
Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCur29331. 2017-04-20 not yet calculated CVE-2017-3860
BID
CONFIRM
cisco — ios_ios_xe

 

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCut50727. 2017-04-20 not yet calculated CVE-2017-3863
BID
CONFIRM
cisco — ios_ios_xe

 

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCuu76493. 2017-04-20 not yet calculated CVE-2017-3862
BID
CONFIRM
cisco — ios_xe
 
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392. 2017-04-20 not yet calculated CVE-2017-6615
BID
CONFIRM
cisco — prime
 
A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCuw65830. 2017-04-20 not yet calculated CVE-2017-6611
BID
CONFIRM
cisco — prime
 
A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete DNS packet header validation when the packet is received by the application. An attacker could exploit this vulnerability by sending a malformed DNS packet to the application. An exploit could allow the attacker to cause the DNS process to restart, which could lead to a DoS condition. This vulnerability affects Cisco Prime Network Registrar on all software versions prior to 8.3.5. Cisco Bug IDs: CSCvb55412. 2017-04-20 not yet calculated CVE-2017-6613
BID
CONFIRM
cisco — unified_communications_manager
 
A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455. 2017-04-20 not yet calculated CVE-2017-3808
BID
CONFIRM
cloud_foundry — cloud_controller
 
The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks. 2017-04-20 not yet calculated CVE-2017-4969
CONFIRM
craft_cms — craft_cms
 
Craft CMS before 2.6.2974 allows XSS attacks. 2017-04-21 not yet calculated CVE-2017-8052
CONFIRM
CONFIRM
cybozu — cybozu_kunai_app
 
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-1187
JVN
JVNDB
CONFIRM
CONFIRM
cybozu — garoon
 
Cross-site scripting (XSS) vulnerability in the “User details” function in Cybozu Garoon before 4.2.2. 2017-04-20 not yet calculated CVE-2016-1215
JVN
JVNDB
BID
CONFIRM
cybozu — garoon
 
Cross-site scripting (XSS) vulnerability in the “Response request” function in Cybozu Garoon before 4.2.2. 2017-04-20 not yet calculated CVE-2016-1214
JVN
JVNDB
BID
CONFIRM
cybozu — garoon
 
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. 2017-04-21 not yet calculated CVE-2016-1194
JVN
JVNDB
CONFIRM
cybozu — garoon
 
Cross-site scripting (XSS) vulnerability in the “Check available times” function in Cybozu Garoon before 4.2.2. 2017-04-20 not yet calculated CVE-2016-1217
JVN
JVNDB
BID
CONFIRM
cybozu — garoon
 
The “Scheduler” function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. 2017-04-20 not yet calculated CVE-2016-1213
JVN
JVNDB
BID
CONFIRM
cybozu — garoon
 
Cross-site scripting (XSS) vulnerability in the “New appointment” function in Cybozu Garoon before 4.2.2. 2017-04-20 not yet calculated CVE-2016-1216
JVN
JVNDB
BID
CONFIRM
cybozu — garoon
 
SQL injection vulnerability in Cybozu Garoon before 4.2.2. 2017-04-20 not yet calculated CVE-2016-1218
JVN
JVNDB
BID
CONFIRM
cybozu — garoon
 
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. 2017-04-20 not yet calculated CVE-2016-1219
JVN
JVNDB
BID
CONFIRM
cybozu — garoon
 
Cybozu Garoon before 4.2.2 does not properly restrict access. 2017-04-20 not yet calculated CVE-2016-1220
JVN
JVNDB
BID
CONFIRM
cybozu — mailwise

Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. 2017-04-20 not yet calculated CVE-2016-4844
JVN
JVNDB
BID
CONFIRM
cybozu — mailwise
 
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. 2017-04-20 not yet calculated CVE-2016-4843
JVN
JVNDB
BID
CONFIRM
cybozu — mailwise
 
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. 2017-04-20 not yet calculated CVE-2016-4842
JVN
JVNDB
BID
CONFIRM
cybozu — mailwise
 
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. 2017-04-21 not yet calculated CVE-2016-4841
JVN
JVNDB
BID
CONFIRM
cygwin — cygwin
 
Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges. 2017-04-21 not yet calculated CVE-2016-3067
MLIST
MLIST
MLIST
MLIST
CONFIRM
d-link — wireless_range_extender_hardware
 
D-Link DAP-1353 H/W ver. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. 2017-04-21 not yet calculated CVE-2016-1559
MISC
FULLDISC
CONFIRM
d-link — wireless_range_extenders
 
Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted ‘dlink_uid’ cookie. 2017-04-21 not yet calculated CVE-2016-1558
MISC
FULLDISC
CONFIRM
dmitry — dmitry
 
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files. 2017-04-20 not yet calculated CVE-2017-7938
MISC
MISC
drupal — drupal
 
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. 2017-04-19 not yet calculated CVE-2017-6919
BID
CONFIRM
exagrid — firmware
 
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) “inflection” for the root shell account and (2) “support” for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. 2017-04-21 not yet calculated CVE-2016-1560
MISC
MISC
MISC
exagrid — firmware
 
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. 2017-04-21 not yet calculated CVE-2016-1561
MISC
MISC
MISC
exponent_cms — exponent_cms
 
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. 2017-04-21 not yet calculated CVE-2017-7991
MISC
MISC
MISC
feh — feh
 
In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free. 2017-04-14 not yet calculated CVE-2017-7875
BID
CONFIRM
CONFIRM
firewalld — firewalld
 
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. 2017-04-19 not yet calculated CVE-2016-5410
REDHAT
CONFIRM
MLIST
BID
CONFIRM
FEDORA
FEDORA
GENTOO
geeklog — geeklog_ivywe
 
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml. 2017-04-20 not yet calculated CVE-2016-4849
JVN
JVNDB
BID
CONFIRM
CONFIRM
CONFIRM
gnutls — gnutls
 
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor’s GNUTLS-SA-2017-3 report) is fixed in 3.5.10. 2017-04-14 not yet calculated CVE-2017-7869
BID
MISC
MISC
CONFIRM
google — android
 
Android allows users to cause a denial of service. 2017-04-21 not yet calculated CVE-2016-0833
MISC
google — android
 
The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code. 2017-04-17 not yet calculated CVE-2016-6727
CONFIRM
BID
CONFIRM
google — android
 
DMM Movie Player App for Android before 1.2.1 and DMM Movie Player App for iPhone/iPad before 2.1.3 do not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-4829
JVN
JVNDB
google — android
 
DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. 2017-04-20 not yet calculated CVE-2016-4818
CONFIRM
JVN
JVNDB
CONFIRM
CONFIRM
google — android
 
WAON “Service Application” for Android 1.4.1 and earlier does not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-4832
JVN
JVNDB
BID
grandstream — grandstream_wave_app

The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate. 2017-04-21 not yet calculated CVE-2016-1519
MISC
BUGTRAQ
MISC
grandstream — grandstream_wave_app
 
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application. 2017-04-21 not yet calculated CVE-2016-1520
MISC
BUGTRAQ
MISC
grandstream — grandstream_wave_app
 
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/. 2017-04-21 not yet calculated CVE-2016-1518
MISC
BUGTRAQ
MISC
hancom — hancom_office
 
Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file. 2017-04-20 not yet calculated CVE-2016-4293
BID
MISC
heartland_payment_systems — heartland_payment_systems
 
Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter. 2017-04-21 not yet calculated CVE-2017-7992
MISC
hipchat — hipchat
 
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. 2017-04-14 not yet calculated CVE-2017-7357
BUGTRAQ
BID
CONFIRM
CONFIRM
ibm — api_connect
 
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956. 2017-04-17 not yet calculated CVE-2017-1161
CONFIRM
BID
ibm — curam_social_program_management
 
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536. 2017-04-20 not yet calculated CVE-2016-8923
CONFIRM
ibm — curam_social_program_management
 
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255. 2017-04-20 not yet calculated CVE-2016-9979
CONFIRM
ibm — curam_social_program_management
 
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. 2017-04-20 not yet calculated CVE-2016-9978
CONFIRM
ibm — curam_social_program_management
 
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256. 2017-04-20 not yet calculated CVE-2016-9980
CONFIRM
ibm — financial_transaction_manager
 
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892. 2017-04-17 not yet calculated CVE-2017-1160
CONFIRM
BID
ibm — security_guardium
 
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174. 2017-04-20 not yet calculated CVE-2017-1122
CONFIRM
imagemagick — imagemagick

magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile. 2017-04-20 not yet calculated CVE-2016-7536
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick

Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. 2017-04-20 not yet calculated CVE-2016-7521
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick

MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. 2017-04-19 not yet calculated CVE-2016-7537
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick

The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 2017-04-19 not yet calculated CVE-2016-7519
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick

coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file. 2017-04-20 not yet calculated CVE-2015-8959
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick

The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. 2017-04-19 not yet calculated CVE-2016-7522
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file. 2017-04-19 not yet calculated CVE-2016-7529
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 2017-04-20 not yet calculated CVE-2016-7527
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. 2017-04-20 not yet calculated CVE-2016-7530
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. 2017-04-19 not yet calculated CVE-2016-7528
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. 2017-04-20 not yet calculated CVE-2016-7526
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. 2017-04-20 not yet calculated CVE-2016-7538
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. 2017-04-20 not yet calculated CVE-2016-7540
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file. 2017-04-20 not yet calculated CVE-2016-7535
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file. 2017-04-20 not yet calculated CVE-2016-7534
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. 2017-04-20 not yet calculated CVE-2016-7532
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. 2017-04-19 not yet calculated CVE-2016-7533
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. 2017-04-19 not yet calculated CVE-2016-7531
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. 2017-04-20 not yet calculated CVE-2016-7525
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. 2017-04-20 not yet calculated CVE-2016-7514
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors. 2017-04-20 not yet calculated CVE-2016-7513
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file. 2017-04-20 not yet calculated CVE-2015-8957
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. 2017-04-20 not yet calculated CVE-2016-5010
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels. 2017-04-19 not yet calculated CVE-2016-7515
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file. 2017-04-20 not yet calculated CVE-2015-8958
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. 2017-04-20 not yet calculated CVE-2016-7516
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file. 2017-04-20 not yet calculated CVE-2016-7520
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file. 2017-04-20 not yet calculated CVE-2016-7518
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file. 2017-04-20 not yet calculated CVE-2016-7517
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imageworsener — imageworsener
 
The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. 2017-04-18 not yet calculated CVE-2017-7940
CONFIRM
imageworsener — imageworsener

 

The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. 2017-04-19 not yet calculated CVE-2017-7962
MISC
MISC
MISC
imageworsener — imageworsener
 
The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file. 2017-04-18 not yet calculated CVE-2017-7939
CONFIRM
irregex — irregex
 
The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern. 2017-04-21 not yet calculated CVE-2016-9954
MLIST
BID
CONFIRM
CONFIRM
jackson — jackson
 
XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD. 2017-04-14 not yet calculated CVE-2016-7051
BID
CONFIRM
jetstar — jetstar_app
 
Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-04-21 not yet calculated CVE-2016-1221
JVN
JVNDB
kintone — kintone_mobile_app
 
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. 2017-04-21 not yet calculated CVE-2016-1186
JVN
JVNDB
CONFIRM
lexmark — perceptive_document_filters
 
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perceptive Document Filters conversion functionality. A crafted XLS document can lead to an arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400. 2017-04-20 not yet calculated CVE-2017-2806
MISC
lhasa_limited — lhasa
 
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. 2017-04-21 not yet calculated CVE-2016-2347
SUSE
SUSE
DEBIAN
MISC
CONFIRM
CONFIRM
libcroco — libcroco
 
The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. 2017-04-19 not yet calculated CVE-2017-7960
MISC
MISC
libcroco — libcroco
 
The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an “outside the range of representable values of type long” undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. 2017-04-19 not yet calculated CVE-2017-7961
MISC
MISC
libplist — libplist
 
Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file. 2017-04-20 not yet calculated CVE-2017-7982
CONFIRM
linux — linux_kernel
 
The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via “tc filter add” commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org. 2017-04-19 not yet calculated CVE-2017-7979
MISC
MISC
MISC
MISC
MISC
MISC
MISC
manageengine — password_manager_pro
 
Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). 2017-04-20 not yet calculated CVE-2016-1161
MISC
BID
MISC
mantisbt — mantisbt
 
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. 2017-04-18 not yet calculated CVE-2017-7897
CONFIRM
CONFIRM
CONFIRM
mediawiki — mediawiki
 
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php. 2017-04-20 not yet calculated CVE-2016-6335
CONFIRM
MLIST
CONFIRM
CONFIRM
mediawiki — mediawiki
 
ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php. 2017-04-20 not yet calculated CVE-2016-6331
CONFIRM
MLIST
CONFIRM
mediawiki — mediawiki
 
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. 2017-04-20 not yet calculated CVE-2016-6337
MLIST
CONFIRM
mediawiki — mediawiki
 
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links. 2017-04-20 not yet calculated CVE-2016-6334
CONFIRM
MLIST
CONFIRM
mediawiki — mediawiki
 
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete. 2017-04-20 not yet calculated CVE-2016-6336
CONFIRM
MLIST
CONFIRM
mediawiki — mediawiki
 
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css. 2017-04-20 not yet calculated CVE-2016-6333
CONFIRM
MLIST
CONFIRM
mediawiki — mediawiki
 
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked. 2017-04-20 not yet calculated CVE-2016-6332
CONFIRM
MLIST
CONFIRM
microsoft — windows
 
LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. 2017-04-20 not yet calculated CVE-2016-4850
JVN
JVNDB
BID
CONFIRM
moodle — moodle

 

Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read. 2017-04-20 not yet calculated CVE-2016-3734
CONFIRM
MLIST
BID
SECTRACK
CONFIRM
moodle — moodle

 

The “restore teacher” feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. 2017-04-20 not yet calculated CVE-2016-3733
CONFIRM
MLIST
SECTRACK
CONFIRM
moodle — moodle

 

Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions. 2017-04-20 not yet calculated CVE-2016-3731
MLIST
SECTRACK
CONFIRM
moodle — moodle

 

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users. 2017-04-20 not yet calculated CVE-2016-3732
MLIST
SECTRACK
CONFIRM
moodle — moodle
 
The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator. 2017-04-20 not yet calculated CVE-2016-3729
MLIST
SECTRACK
CONFIRM
moxa — awk-3131a_wireless_access_point_firmware
 
An exploitable OS Command Injection vulnerability exists in the web application ‘ping’ functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely. 2017-04-20 not yet calculated CVE-2016-8721
MISC
netgear — wireless_access_points
 
Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. 2017-04-21 not yet calculated CVE-2016-1557
MISC
FULLDISC
CONFIRM
netgear — wireless_access_points
 
Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. 2017-04-21 not yet calculated CVE-2016-1556
MISC
FULLDISC
CONFIRM
netgear — wireless_access_points
 
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. 2017-04-21 not yet calculated CVE-2016-1555
MISC
FULLDISC
CONFIRM
netiq — access_manager
 
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. 2017-04-20 not yet calculated CVE-2017-5183
CONFIRM
netiq — access_manager
 
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile. 2017-04-20 not yet calculated CVE-2017-5190
CONFIRM
novell — novell_groupwise

Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow. 2017-04-20 not yet calculated CVE-2016-5762
MISC
FULLDISC
BUGTRAQ
BID
CONFIRM
MISC
novell — novell_groupwise
 
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp. 2017-04-20 not yet calculated CVE-2016-5760
MISC
FULLDISC
BUGTRAQ
BID
CONFIRM
MISC
novell — novell_groupwise
 
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. 2017-04-20 not yet calculated CVE-2016-5761
MISC
FULLDISC
BUGTRAQ
BID
CONFIRM
MISC
openmrs — openmrs
 
The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp. 2017-04-20 not yet calculated CVE-2017-7990
MISC
MISC
openstack — manila
 
Cross-site scripting (XSS) vulnerability in the “Shares” overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the “Create Share” form. 2017-04-21 not yet calculated CVE-2016-6519
REDHAT
REDHAT
REDHAT
MLIST
BID
CONFIRM
CONFIRM
opentext — documentum
 
OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized “UPDATE dm_dbo.dm_user_s SET user_privileges=16” command, aka an “RPC save-commands” attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4532. 2017-04-20 not yet calculated CVE-2017-7220
MISC
MISC
MISC
opera — opera_web_browser
 
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. 2017-04-20 not yet calculated CVE-2016-4075
MISC
ossec — ossec_web_user_interface
 
Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. 2017-04-20 not yet calculated CVE-2016-4847
JVN
JVNDB
BID
CONFIRM
ovirt — ovirt_engine
 
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files. 2017-04-20 not yet calculated CVE-2016-6341
BID
CONFIRM
CONFIRM
CONFIRM
palo_alto_networks — pan_os
 
Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. 2017-04-20 not yet calculated CVE-2017-7409
CONFIRM
pcs_software — pcs
 
Session fixation vulnerability in pcsd in pcs before 0.9.157. 2017-04-21 not yet calculated CVE-2016-0721
FEDORA
FEDORA
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
pcs_software — pcs
 
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. 2017-04-21 not yet calculated CVE-2016-0720
FEDORA
FEDORA
REDHAT
CONFIRM
CONFIRM
photopt — photopt_app
 
Photopt for Android before 2.0.1 does not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-1198
JVN
JVNDB
CONFIRM
php — php
 
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. 2017-04-21 not yet calculated CVE-2016-5399
MISC
CONFIRM
CONFIRM
FULLDISC
MLIST
BUGTRAQ
BID
SECTRACK
CONFIRM
CONFIRM
EXPLOIT-DB
phusionpassenger — phusionpassenger
 
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. 2017-04-18 not yet calculated CVE-2016-10345
CONFIRM
CONFIRM
podpfo — podpfo

PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp). 2017-04-22 not yet calculated CVE-2017-8053
MISC
MISC
podpfo — podpfo
 
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. 2017-04-21 not yet calculated CVE-2017-7994
MISC
MISC
podpfo — podpfo
 
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document. 2017-04-22 not yet calculated CVE-2017-8054
MISC
qemu — qemu
 
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. 2017-04-20 not yet calculated CVE-2017-7718
CONFIRM
MLIST
CONFIRM
quest_software — privilege_manager
 
pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action. 2017-04-14 not yet calculated CVE-2017-6554
MISC
BID
EXPLOIT-DB
quickheal — quickheal
 
The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service. 2017-04-20 not yet calculated CVE-2015-8285
EXPLOIT-DB
red_hat — cloudforms_management_engine
 
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. 2017-04-21 not yet calculated CVE-2016-3702
CONFIRM
red_hat — enterprise_virtualization_manager
 
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries. 2017-04-20 not yet calculated CVE-2016-6338
BID
CONFIRM
red_hat — jboss_brms
 
Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page. 2017-04-20 not yet calculated CVE-2016-5401
CONFIRM
red_hat — openshift_enterprise_2
 
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. 2017-04-20 not yet calculated CVE-2016-5409
CONFIRM
red_hat — quickstart_cloud_installer
 
The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask password fields, which allows physically proximate attackers to obtain sensitive password information by reading the display. 2017-04-14 not yet calculated CVE-2016-7060
BID
REDHAT
CONFIRM
resteasy — resteasy
 
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-20 not yet calculated CVE-2016-6347
BID
CONFIRM
ruby — ruby
 
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack. 2017-04-19 not yet calculated CVE-2013-7463
MISC
samsung — android
 
Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290. 2017-04-19 not yet calculated CVE-2017-7978
CONFIRM
sandstorm — cap’n_proto
 
Sandstorm Cap’n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap’n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message. 2017-04-17 not yet calculated CVE-2017-7892
CONFIRM
schneider_electric — wonderware_intouch_access_anywhere
 
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer’s SSL certificate properly. 2017-04-20 not yet calculated CVE-2017-5160
MISC
BID
MISC
schneider_electric — wonderware_intouch_access_anywhere
 
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified. 2017-04-20 not yet calculated CVE-2017-5158
MISC
BID
MISC
schneider_electric — wonderware_intouch_access_anywhere
 
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user. 2017-04-20 not yet calculated CVE-2017-5156
MISC
BID
MISC
securebrain — phishwall_client
 
Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2. 2017-04-21 not yet calculated CVE-2016-4846
JVN
JVNDB
CONFIRM
BID
shopware — shopware
 
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code. 2017-04-21 not yet calculated CVE-2016-3109
MISC
BUGTRAQ
CONFIRM
skia — skia
 
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. 2017-04-21 not yet calculated CVE-2016-5168
CONFIRM
CONFIRM
MISC
sourcebans-pp — sourcebans-pp
 
sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter. 2017-04-17 not yet calculated CVE-2017-7891
BID
MISC
spring_amqp — spring_amqp
 
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. 2017-04-21 not yet calculated CVE-2016-2173
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
squirrelmail — squirrelmail
 
SquirrelMail 1.4.22 allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It’s possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn’t escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it’s possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the “Options > Personal Informations > Email Address” setting. 2017-04-20 not yet calculated CVE-2017-7692
MISC
MISC
sushiro — sushiro_app
 
Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-4830
JVN
JVNDB
BID
tenable — appliance

 

Tenable Appliance 3.5 – 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands. 2017-04-21 not yet calculated CVE-2017-8051
CONFIRM
MISC
EXPLOIT-DB
tenable — appliance
 
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. 2017-04-21 not yet calculated CVE-2017-8050
CONFIRM
MISC
tenable — nessus
 
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. 2017-04-19 not yet calculated CVE-2017-7850
CONFIRM
tenable — nessus
 
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. 2017-04-19 not yet calculated CVE-2017-7849
CONFIRM
tokyo_star_bank — tokyo_star_bank_app
 
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. 2017-04-21 not yet calculated CVE-2016-1184
JVN
JVNDB
CONFIRM
toshiba — coordinate_plus_app
 
Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. 2017-04-21 not yet calculated CVE-2016-4840
JVN
JVNDB
BID
trend_micro — interscan_messaging_security_virtual_appliance
 
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. 2017-04-18 not yet calculated CVE-2017-7896
BID
CONFIRM
twigmo — twigmo_for_cs-cart
 
Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. 2017-04-20 not yet calculated CVE-2016-4862
JVN
JVNDB
CONFIRM
BID
unitrends — enterprise_backup
 
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php. 2017-04-19 not yet calculated CVE-2017-7283
MISC
MISC
unitrends — enterprise_backup
 
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI). 2017-04-19 not yet calculated CVE-2017-7282
MISC
MISC
unrtf — unrtf
 
Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function. 2017-04-21 not yet calculated CVE-2016-10091
CONFIRM
MLIST
MLIST
BID
CONFIRM
watchguard — fireware
 
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new authenticated sessions until the process has recovered. The Firebox may also experience an overall degradation in performance while the wgagent process recovers. An attacker could continuously send XML-RPC requests that contain references to external entities to perform a limited Denial of Service (DoS) attack against an affected Firebox. 2017-04-22 not yet calculated CVE-2017-8056
MISC
MISC
MISC
MISC
watchguard — fireware
 
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox. 2017-04-22 not yet calculated CVE-2017-8055
MISC
MISC
MISC
MISC
wondercms — wondercms
 
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. 2017-04-20 not yet calculated CVE-2017-7951
CONFIRM
CONFIRM
zyxel — wre6505
 
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process. 2017-04-19 not yet calculated CVE-2017-7964
MISC
