CVE Daily
← All years

Uncategorized 2017

Page 17/20.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2017-02-15
High

CVE-2016-1881

The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-1880

The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "han…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-10089

Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.

CVSS: 7.8CWE: CWE-264
Read more
2017-02-13
Medium

CVE-2016-9355

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Ala…

CVSS: 5.3CWE: CWE-255
Read more
Medium

CVE-2016-8375

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physica…

CVSS: 4.9CWE: CWE-255
Read more
Critical

CVE-2017-5144

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions wi…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2016-9366

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…

CVSS: 9.8CWE: CWE-264
Read more
Medium

CVE-2016-9354

An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption.

CVSS: 5.5CWE: CWE-399
Read more
High

CVE-2016-9353

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could…

CVSS: 7.8CWE: CWE-264
Read more
Low

CVE-2016-9348

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…

CVSS: 3.3CWE: CWE-255
Read more
Medium

CVE-2016-9347

An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the D…

CVSS: 5.0CWE: CWE-254
Read more
Medium

CVE-2016-9346

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.

CVSS: 5.3CWE: CWE-310
Read more
Medium

CVE-2016-9345

An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the…

CVSS: 6.8CWE: CWE-264
Read more
Low

CVE-2016-9338

An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and…

CVSS: 2.7CWE: N/A
Read more
High

CVE-2016-9334

An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and…

CVSS: 7.3CWE: N/A
Read more
High

CVE-2016-9332

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to cr…

CVSS: 7.5CWE: CWE-399
Read more
High

CVE-2016-8566

An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the…

CVSS: 7.8CWE: CWE-255
Read more
High

CVE-2016-8379

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware…

CVSS: 8.1CWE: N/A
Read more
Critical

CVE-2016-8378

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials.

CVSS: 9.8CWE: CWE-255
Read more
High

CVE-2016-8372

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware…

CVSS: 8.1CWE: CWE-255
Read more
Critical

CVE-2016-8363

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-R…

CVSS: 10.0CWE: CWE-264
Read more
High

CVE-2016-8357

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This…

CVSS: 7.1CWE: CWE-264
Read more
Medium

CVE-2016-8353

An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions.

CVSS: 6.4CWE: CWE-264
Read more
High

CVE-2016-7987

An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted pac…

CVSS: 7.5CWE: CWE-19
Read more
High

CVE-2016-10224

An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is v…

CVSS: 7.2CWE: CWE-254
Read more
High

CVE-2016-8659

Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.

CVSS: 7.0CWE: CWE-264
Read more
Critical

CVE-2015-8768

click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges…

CVSS: 9.8CWE: CWE-264
Read more
2017-02-10
High

CVE-2016-8711

A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution.…

CVSS: 7.8CWE: N/A
Read more
2017-02-09
High

CVE-2017-3813

A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with th…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-8494

Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme.

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2016-6173

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.

CVSS: 7.5CWE: CWE-399
Read more
High

CVE-2016-3102

The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set arra…

CVSS: 7.3CWE: CWE-254
Read more
2017-02-08
High

CVE-2016-5934

IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit…

CVSS: 7.3CWE: CWE-264
Read more
High

CVE-2017-0450

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-0449

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Mode…

CVSS: 7.0CWE: N/A
Read more
High

CVE-2017-0447

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hig…

CVSS: 7.0CWE: N/A
Read more
High

CVE-2017-0446

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hig…

CVSS: 7.0CWE: N/A
Read more
High

CVE-2017-0445

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hig…

CVSS: 7.0CWE: N/A
Read more
High

CVE-2017-0444

An elevation of privilege vulnerability in the Realtek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0CWE: N/A
Read more
High

CVE-2017-0443

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0CWE: N/A
Read more
High

CVE-2017-0436

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0CWE: N/A
Read more
High

CVE-2017-0435

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0CWE: N/A
Read more
High

CVE-2017-0434

An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This is…

CVSS: 7.0CWE: N/A
Read more
High

CVE-2017-0433

An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This is…

CVSS: 7.0CWE: N/A
Read more
High

CVE-2017-0432

An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High becau…

CVSS: 7.0CWE: N/A
Read more
High

CVE-2017-0430

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Crit…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-0427

An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critica…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-0419

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High bec…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-0415

An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High bec…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-0409

A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rate…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-0408

A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as Hig…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2016-8481

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0CWE: CWE-264
Read more
High

CVE-2016-8480

An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the…

CVSS: 7.0CWE: CWE-264
Read more
High

CVE-2016-8476

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0CWE: CWE-264
Read more
High

CVE-2016-8421

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0CWE: CWE-264
Read more
High

CVE-2016-8420

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0CWE: CWE-264
Read more
High

CVE-2016-8419

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0CWE: CWE-264
Read more
2017-02-07
Critical

CVE-2016-6667

NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2016-5711

NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2016-3180

Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Troja…

CVSS: 8.1CWE: CWE-254
Read more
High

CVE-2015-8322

NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.

CVSS: 8.8CWE: N/A
Read more
High

CVE-2016-2779

runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-10044

The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions…

CVSS: 7.8CWE: CWE-264
Read more
2017-02-06
Critical

CVE-2017-5677

PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2016-7448

The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and…

CVSS: 7.5CWE: CWE-399
Read more
Critical

CVE-2015-2794

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.

CVSS: 9.8CWE: CWE-264
Read more
Medium

CVE-2017-5577

The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local…

CVSS: 5.5CWE: CWE-388
Read more
Medium

CVE-2017-5551

The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group pri…

CVSS: 4.4CWE: N/A
Read more
High

CVE-2017-5546

The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possi…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-2583

The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a…

CVSS: 8.4CWE: N/A
Read more
High

CVE-2016-10153

The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memor…

CVSS: 7.8CWE: CWE-399
Read more
Critical

CVE-2016-10150

Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or poss…

CVSS: 9.8CWE: CWE-264
Read more
2017-02-03
Medium

CVE-2016-6188

Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files.

CVSS: 6.5CWE: CWE-399
Read more
Medium

CVE-2016-5241

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.

CVSS: 5.5CWE: CWE-189
Read more
High

CVE-2016-9871

EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2016-8216

EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain…

CVSS: 6.7CWE: CWE-264
Read more
Medium

CVE-2016-6648

EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissi…

CVSS: 4.4CWE: CWE-275
Read more
2017-02-02
High

CVE-2017-1093

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2016-6235

The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file.

CVSS: 5.5CWE: CWE-399
Read more
2017-02-01
High

CVE-2016-9739

IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user.

CVSS: 7.8CWE: CWE-255
Read more
High

CVE-2016-8919

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.

CVSS: 7.5CWE: CWE-399
Read more
Medium

CVE-2016-6110

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.

CVSS: 6.5CWE: CWE-255
Read more
Medium

CVE-2016-8967

IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.

CVSS: 5.5CWE: CWE-255
Read more
Medium

CVE-2016-0371

The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2016-8918

IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.

CVSS: 5.9CWE: CWE-255
Read more
Medium

CVE-2016-8911

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could…

CVSS: 5.4CWE: CWE-254
Read more
Critical

CVE-2016-6090

IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2016-6028

IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view.

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2016-5950

IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.

CVSS: 6.5CWE: CWE-255
Read more
Medium

CVE-2016-5949

IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request.

CVSS: 4.3CWE: CWE-254
Read more
Medium

CVE-2016-5898

IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit th…

CVSS: 4.3CWE: CWE-254
Read more
High

CVE-2016-3053

IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.

CVSS: 7.8CWE: CWE-264
Read more
Medium

CVE-2016-3022

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.

CVSS: 6.5CWE: CWE-275
Read more
Low

CVE-2016-0394

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.

CVSS: 3.3CWE: CWE-275
Read more
High

CVE-2017-3790

A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a re…

CVSS: 8.6CWE: CWE-399
Read more
High

CVE-2016-9225

A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX m…

CVSS: 8.6CWE: CWE-399
Read more
Medium

CVE-2016-9963

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

CVSS: 5.9CWE: CWE-320
Read more
2017-01-31
Critical

CVE-2016-9403

newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check.

CVSS: 9.8CWE: CWE-264
Read more
Medium

CVE-2016-5117

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid…

CVSS: 5.9CWE: CWE-254
Read more
2017-01-30
High

CVE-2016-6268

Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan hors…

CVSS: 7.8CWE: CWE-264
Read more
Medium

CVE-2016-2217

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.

CVSS: 5.3CWE: CWE-320
Read more
Medium

CVE-2015-7331

The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.

CVSS: 6.6CWE: CWE-254
Read more
High

CVE-2016-7544

Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then t…

CVSS: 7.5CWE: CWE-399
Read more
Medium

CVE-2015-8158

The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.

CVSS: 5.9CWE: N/A
Read more
High

CVE-2015-7979

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a bro…

CVSS: 7.5CWE: CWE-19
Read more
Medium

CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a c…

CVSS: 4.3CWE: CWE-254
Read more
Medium

CVE-2015-7973

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.

CVSS: 6.5CWE: CWE-254
Read more
Medium

CVE-2017-5573

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2017-5632

An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the de…

CVSS: 6.5CWE: N/A
Read more
High

CVE-2016-10186

An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules.

CVSS: 7.5CWE: CWE-399
Read more
High

CVE-2016-10185

An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf.

CVSS: 7.5CWE: CWE-254
Read more
Critical

CVE-2016-10178

An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.

CVSS: 9.8CWE: CWE-254
Read more
2017-01-27
High

CVE-2017-5328

Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2017-3443

Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 1…

CVSS: 8.2CWE: N/A
Read more
High

CVE-2017-3442

Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easil…

CVSS: 8.2CWE: N/A
Read more
High

CVE-2017-3441

Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easil…

CVSS: 8.2CWE: N/A
Read more
High

CVE-2017-3440

Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easil…

CVSS: 8.2CWE: N/A
Read more
High

CVE-2017-3439

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2CWE: N/A
Read more
High

CVE-2017-3438

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2CWE: N/A
Read more
High

CVE-2017-3437

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2CWE: N/A
Read more
>