Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6647 | 1 Google | 1 Chrome | 2017-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free in AnimationController::endAnimationUpdate in Google Chrome. | |||||
| CVE-2017-7617 | 1 Digium | 2 Asterisk, Certified Asterisk | 2017-04-17 | 6.5 MEDIUM | 8.8 HIGH |
| Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action. | |||||
| CVE-2014-8355 | 1 Imagemagick | 1 Imagemagick | 2017-04-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). | |||||
| CVE-2017-7625 | 1 Fiyo | 1 Fiyo Cms | 2017-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | |||||
| CVE-2016-8237 | 1 Lenovo | 1 Updates | 2017-04-17 | 9.3 HIGH | 8.1 HIGH |
| Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | |||||
| CVE-2017-7695 | 1 Bigtreecms | 1 Bigtree Cms | 2017-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. | |||||
| CVE-2017-7648 | 1 Foscam | 12 C1, C1 Lite, C2 and 9 more | 2017-04-17 | 4.3 MEDIUM | 8.1 HIGH |
| Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | |||||
| CVE-2016-4989 | 2 Redhat, Setroubleshoot Project | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2017-04-17 | 6.9 MEDIUM | 7.0 HIGH |
| setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445. | |||||
| CVE-2016-7547 | 1 Trendmicro | 1 Threat Discovery Appliance | 2017-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. | |||||
| CVE-2016-7552 | 1 Trendmicro | 1 Threat Discovery Appliance | 2017-04-17 | 10.0 HIGH | 9.8 CRITICAL |
| On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. | |||||
| CVE-2016-7957 | 1 Wireshark | 1 Wireshark | 2017-04-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings. | |||||
| CVE-2016-7958 | 1 Wireshark | 1 Wireshark | 2017-04-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. | |||||
| CVE-2017-7345 | 1 Netapp | 1 Clustered Data Ontap | 2017-04-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-8235 | 1 Lenovo | 1 Customer Care Software Development Kit | 2017-04-17 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | |||||
| CVE-2017-7621 | 1 Auromeera | 1 Emli | 2017-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/home.php. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0. | |||||
| CVE-2016-4446 | 2 Redhat, Setroubleshoot Project | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2017-04-17 | 6.9 MEDIUM | 7.0 HIGH |
| The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function. | |||||
| CVE-2016-4445 | 2 Redhat, Setroubleshoot Project | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2017-04-17 | 6.9 MEDIUM | 7.0 HIGH |
| The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function. | |||||
| CVE-2016-5322 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2017-04-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. | |||||
| CVE-2017-7646 | 1 Solarwinds | 1 Log \& Event Manager | 2017-04-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | |||||
| CVE-2017-5672 | 1 Kony | 1 Enterprise Mobile Management | 2017-04-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request. | |||||