Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8716 | 1 Imagemagick | 1 Imagemagick | 2017-04-17 | 2.1 LOW | 6.2 MEDIUM |
| The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash). | |||||
| CVE-2014-8562 | 1 Imagemagick | 1 Imagemagick | 2017-04-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). | |||||
| CVE-2016-10322 | 1 Synology | 1 Photo Station | 2017-04-17 | 6.5 MEDIUM | 8.8 HIGH |
| Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. | |||||
| CVE-2016-4444 | 2 Redhat, Setroubleshoot Project | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2017-04-17 | 6.9 MEDIUM | 7.0 HIGH |
| The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function. | |||||
| CVE-2017-6412 | 1 Sophos | 1 Web Appliance | 2017-04-14 | 6.8 MEDIUM | 8.1 HIGH |
| In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. | |||||
| CVE-2017-7575 | 1 Schneider-electric | 2 Modicon Tm221ce16r, Modicon Tm221ce16r Firmware | 2017-04-14 | 5.0 MEDIUM | 9.8 CRITICAL |
| Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded. | |||||
| CVE-2015-7292 | 1 Amazon | 1 Fire Os | 2017-04-14 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv. | |||||
| CVE-2017-5988 | 1 Netapp | 1 Clustered Data Ontap | 2017-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2017-5983 | 1 Atlassian | 1 Jira | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. | |||||
| CVE-2016-6879 | 1 Botan Project | 1 Botan | 2017-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value. | |||||
| CVE-2016-6878 | 1 Botan Project | 1 Botan | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang. | |||||
| CVE-2015-7824 | 1 Botan Project | 1 Botan | 2017-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites. | |||||
| CVE-2015-7825 | 1 Botan Project | 1 Botan | 2017-04-14 | 7.8 HIGH | 7.5 HIGH |
| botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain. | |||||
| CVE-2015-7826 | 1 Botan Project | 1 Botan | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com. | |||||
| CVE-2015-8378 | 1 Keepassx Project | 1 Keepassx | 2017-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile. | |||||
| CVE-2017-3447 | 2017-04-14 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was associated with multiple vulnerabilities without being assigned by a CNA. Notes: none. | |||||
| CVE-2016-6605 | 1 Cloudera | 1 Cdh | 2017-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization. | |||||
| CVE-2016-5067 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2017-04-14 | 9.0 HIGH | 8.8 HIGH |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. | |||||
| CVE-2016-5068 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | |||||
| CVE-2016-5069 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | |||||