| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6368 | Hig | 0.56 | 8.6 | 0.03 | Apr 20, 2017 | A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly… | ||
| CVE-2017-1122 | Hig | 0.48 | 7.4 | 0.00 | Apr 20, 2017 | IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174. | ||
| CVE-2016-5401 | Hig | 0.57 | 8.8 | 0.01 | Apr 20, 2017 | Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page. | ||
| CVE-2016-3734 | Hig | 0.50 | 8.8 | 0.01 | Apr 20, 2017 | Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read. | ||
| CVE-2016-1161 | Hig | 0.52 | 8.0 | 0.01 | Apr 20, 2017 | Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). | ||
| CVE-2015-8285 | Hig | 0.52 | 7.5 | 0.05 | Apr 20, 2017 | The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service. | ||
| CVE-2017-5156 | Hig | 0.57 | 8.8 | 0.01 | Apr 20, 2017 | A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the… | ||
| CVE-2017-2784 | Hig | 0.53 | 8.1 | 0.03 | Apr 20, 2017 | An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack… | ||
| CVE-2016-4862 | Hig | 0.57 | 8.8 | 0.02 | Apr 20, 2017 | Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | ||
| CVE-2016-4850 | Hig | 0.53 | 8.1 | 0.02 | Apr 20, 2017 | LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. | ||
| CVE-2016-1218 | Hig | 0.57 | 8.8 | 0.02 | Apr 20, 2017 | SQL injection vulnerability in Cybozu Garoon before 4.2.2. | ||
| CVE-2016-6337 | Hig | 0.49 | 7.5 | 0.01 | Apr 20, 2017 | MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. | ||
| CVE-2016-6335 | Hig | 0.49 | 7.5 | 0.02 | Apr 20, 2017 | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php. | ||
| CVE-2016-6332 | Hig | 0.49 | 7.5 | 0.02 | Apr 20, 2017 | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked. | ||
| CVE-2016-6331 | Hig | 0.49 | 7.5 | 0.02 | Apr 20, 2017 | ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php. | ||
| CVE-2016-5409 | Hig | 0.49 | 7.5 | 0.01 | Apr 20, 2017 | Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. | ||
| CVE-2016-4650 | Hig | 0.51 | 7.8 | 0.02 | Apr 20, 2017 | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2016-4293 | Hig | 0.51 | 7.8 | 0.04 | Apr 20, 2017 | Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file. | ||
| CVE-2017-7692 | Hig | 0.63 | 8.8 | 0.32 | Apr 20, 2017 | SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The… | ||
| CVE-2017-7283 | Hig | 0.58 | 8.8 | 0.04 | Apr 20, 2017 | An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php. | ||
| CVE-2017-6919 | Hig | 0.49 | 7.5 | 0.02 | Apr 20, 2017 | Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. | ||
| CVE-2017-7979 | Hig | 0.51 | 7.8 | 0.00 | Apr 19, 2017 | The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system… | ||
| CVE-2017-7978 | Hig | 0.49 | 7.5 | 0.01 | Apr 19, 2017 | Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290. | ||
| CVE-2017-7976 | Hig | 0.46 | 7.1 | 0.01 | Apr 19, 2017 | Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information… | ||
| CVE-2013-7463 | Hig | 0.49 | 7.5 | 0.01 | Apr 19, 2017 | The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack. | ||
| CVE-2017-7975 | Hig | 0.51 | 7.8 | 0.02 | Apr 19, 2017 | Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly… | ||
| CVE-2017-7963 | Hig | 0.49 | 7.5 | 0.02 | Apr 19, 2017 | The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here,… | ||
| CVE-2017-7961 | Hig | 0.51 | 7.8 | 0.02 | Apr 19, 2017 | The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified… | ||
| CVE-2017-7948 | Hig | 0.51 | 7.8 | 0.02 | Apr 19, 2017 | Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. | ||
| CVE-2017-7850 | Hig | 0.51 | 7.8 | 0.00 | Apr 19, 2017 | Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. | ||
| CVE-2016-10345 | Hig | 0.44 | 7.8 | 0.00 | Apr 18, 2017 | In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. | ||
| CVE-2017-5656 | Hig | 0.42 | 7.5 | 0.07 | Apr 18, 2017 | Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user. | ||
| CVE-2017-7645 | Hig | 0.49 | 7.5 | 0.06 | Apr 18, 2017 | The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. | ||
| CVE-2017-5662 | Hig | 0.48 | 7.3 | 0.04 | Apr 18, 2017 | In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the… | ||
| CVE-2017-5661 | Hig | 0.48 | 7.3 | 0.03 | Apr 18, 2017 | In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user… | ||
| CVE-2017-7892 | Hig | 0.49 | 7.5 | 0.01 | Apr 17, 2017 | Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with… | ||
| CVE-2017-1161 | Hig | 0.48 | 7.3 | 0.01 | Apr 17, 2017 | IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the… | ||
| CVE-2016-3036 | Hig | 0.49 | 7.5 | 0.02 | Apr 17, 2017 | IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612. | ||
| CVE-2017-5659 | Hig | 0.49 | 7.5 | 0.03 | Apr 17, 2017 | Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | ||
| CVE-2016-5396 | Hig | 0.49 | 7.5 | 0.03 | Apr 17, 2017 | Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | ||
| CVE-2017-5650 | Hig | 0.42 | 7.5 | 0.08 | Apr 17, 2017 | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These… | ||
| CVE-2017-5647 | Hig | 0.43 | 7.5 | 0.17 | Apr 17, 2017 | A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous… | ||
| CVE-2016-7551 | Hig | 0.49 | 7.5 | 0.05 | Apr 17, 2017 | chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). | ||
| CVE-2017-7889 | Hig | 0.51 | 7.8 | 0.00 | Apr 17, 2017 | The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an… | ||
| CVE-2017-7885 | Hig | 0.46 | 7.1 | 0.01 | Apr 17, 2017 | Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a… | ||
| CVE-2017-7615 | Hig | 0.67 | 8.8 | 0.91 | Apr 16, 2017 | MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | ||
| CVE-2017-7881 | Hig | 0.57 | 8.8 | 0.01 | Apr 15, 2017 | BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php… | ||
| CVE-2017-7879 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2017 | SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | ||
| CVE-2017-7877 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2017 | CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. | ||
| CVE-2017-7717 | Hig | 0.57 | 8.8 | 0.02 | Apr 14, 2017 | SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. |
- risk 0.56cvss 8.6epss 0.03
A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly…
- risk 0.48cvss 7.4epss 0.00
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page.
- risk 0.50cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
- risk 0.52cvss 8.0epss 0.01
Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500).
- risk 0.52cvss 7.5epss 0.05
The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service.
- risk 0.57cvss 8.8epss 0.01
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the…
- risk 0.53cvss 8.1epss 0.03
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack…
- risk 0.57cvss 8.8epss 0.02
Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.
- risk 0.53cvss 8.1epss 0.02
LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code.
- risk 0.57cvss 8.8epss 0.02
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
- risk 0.49cvss 7.5epss 0.01
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.
- risk 0.49cvss 7.5epss 0.02
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
- risk 0.49cvss 7.5epss 0.02
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.
- risk 0.49cvss 7.5epss 0.02
ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.
- risk 0.49cvss 7.5epss 0.01
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.51cvss 7.8epss 0.04
Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file.
- risk 0.63cvss 8.8epss 0.32
SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The…
- risk 0.58cvss 8.8epss 0.04
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php.
- risk 0.49cvss 7.5epss 0.02
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
- risk 0.51cvss 7.8epss 0.00
The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system…
- risk 0.49cvss 7.5epss 0.01
Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290.
- risk 0.46cvss 7.1epss 0.01
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information…
- risk 0.49cvss 7.5epss 0.01
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.
- risk 0.51cvss 7.8epss 0.02
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly…
- risk 0.49cvss 7.5epss 0.02
The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here,…
- risk 0.51cvss 7.8epss 0.02
The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified…
- risk 0.51cvss 7.8epss 0.02
Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document.
- risk 0.51cvss 7.8epss 0.00
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.
- risk 0.44cvss 7.8epss 0.00
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
- risk 0.42cvss 7.5epss 0.07
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.
- risk 0.49cvss 7.5epss 0.06
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
- risk 0.48cvss 7.3epss 0.04
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the…
- risk 0.48cvss 7.3epss 0.03
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user…
- risk 0.49cvss 7.5epss 0.01
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with…
- risk 0.48cvss 7.3epss 0.01
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the…
- risk 0.49cvss 7.5epss 0.02
IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612.
- risk 0.49cvss 7.5epss 0.03
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.
- risk 0.49cvss 7.5epss 0.03
Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.
- risk 0.42cvss 7.5epss 0.08
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These…
- risk 0.43cvss 7.5epss 0.17
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous…
- risk 0.49cvss 7.5epss 0.05
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).
- risk 0.51cvss 7.8epss 0.00
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an…
- risk 0.46cvss 7.1epss 0.01
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a…
- risk 0.67cvss 8.8epss 0.91
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
- risk 0.57cvss 8.8epss 0.01
BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php…
- risk 0.49cvss 7.5epss 0.01
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.
- risk 0.57cvss 8.8epss 0.01
CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.
- risk 0.57cvss 8.8epss 0.02
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.