| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9804 | Hig | 0.49 | 7.5 | 0.03 | Mar 30, 2017 | vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object." | ||
| CVE-2017-7323 | Hig | 0.53 | 8.1 | 0.02 | Mar 30, 2017 | The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection… | ||
| CVE-2017-7322 | Hig | 0.53 | 8.1 | 0.01 | Mar 30, 2017 | The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate. | ||
| CVE-2017-7290 | Hig | 0.47 | 7.2 | 0.02 | Mar 30, 2017 | SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program. | ||
| CVE-2017-7310 | Hig | 0.58 | 7.8 | 0.54 | Mar 29, 2017 | A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML… | ||
| CVE-2017-4980 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1. | ||
| CVE-2017-4977 | Hig | 0.46 | 7.0 | 0.00 | Mar 29, 2017 | EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system. | ||
| CVE-2017-7308 | Hig | 0.55 | 7.8 | 0.18 | Mar 29, 2017 | The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the… | ||
| CVE-2017-7258 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as… | ||
| CVE-2016-2379 | Hig | 0.57 | 8.8 | 0.00 | Mar 29, 2017 | The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. | ||
| CVE-2017-7304 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This… | ||
| CVE-2017-7303 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils… | ||
| CVE-2017-7302 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability… | ||
| CVE-2017-7301 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU… | ||
| CVE-2017-7300 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while… | ||
| CVE-2017-7285 | Hig | 0.53 | 7.5 | 0.19 | Mar 29, 2017 | A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections. | ||
| CVE-2017-5671 | Hig | 0.60 | 8.8 | 0.01 | Mar 29, 2017 | Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root… | ||
| CVE-2015-4556 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash). | ||
| CVE-2009-5147 | Hig | 0.41 | 7.3 | 0.08 | Mar 29, 2017 | DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. | ||
| CVE-2017-7294 | Hig | 0.51 | 7.8 | 0.00 | Mar 29, 2017 | The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service… | ||
| CVE-2017-2689 | Hig | 0.57 | 8.8 | 0.01 | Mar 29, 2017 | Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings. | ||
| CVE-2017-2688 | Hig | 0.57 | 8.8 | 0.01 | Mar 29, 2017 | The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link… | ||
| CVE-2017-7297 | Hig | 0.57 | 8.8 | 0.01 | Mar 29, 2017 | Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3. | ||
| CVE-2016-8031 | Hig | 0.47 | 7.3 | 0.00 | Mar 28, 2017 | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. | ||
| CVE-2017-7277 | Hig | 0.46 | 7.1 | 0.00 | Mar 28, 2017 | The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system… | ||
| CVE-2016-9469 | Hig | 0.53 | 8.2 | 0.02 | Mar 28, 2017 | Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an… | ||
| CVE-2016-9463 | Hig | 0.53 | 8.1 | 0.04 | Mar 28, 2017 | Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB… | ||
| CVE-2016-9456 | Hig | 0.57 | 8.8 | 0.01 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed. | ||
| CVE-2016-9455 | Hig | 0.57 | 8.8 | 0.01 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`,… | ||
| CVE-2016-9127 | Hig | 0.57 | 8.8 | 0.01 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially… | ||
| CVE-2016-9123 | Hig | 0.42 | 7.5 | 0.02 | Mar 28, 2017 | go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures. | ||
| CVE-2016-9122 | Hig | 0.42 | 7.5 | 0.02 | Mar 28, 2017 | go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For… | ||
| CVE-2017-6964 | Hig | 0.51 | 7.8 | 0.00 | Mar 28, 2017 | dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects… | ||
| CVE-2017-1153 | Hig | 0.57 | 8.8 | 0.01 | Mar 27, 2017 | IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563. | ||
| CVE-2016-8960 | Hig | 0.57 | 8.8 | 0.02 | Mar 27, 2017 | IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM… | ||
| CVE-2017-5239 | Hig | 0.49 | 7.5 | 0.00 | Mar 27, 2017 | Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM)… | ||
| CVE-2017-5237 | Hig | 0.49 | 7.5 | 0.02 | Mar 27, 2017 | Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!" | ||
| CVE-2016-9252 | Hig | 0.49 | 7.5 | 0.02 | Mar 27, 2017 | The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. | ||
| CVE-2017-7272 | Hig | 0.48 | 7.4 | 0.04 | Mar 27, 2017 | PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname… | ||
| CVE-2017-7183 | Hig | 0.52 | 7.5 | 0.06 | Mar 27, 2017 | The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message. | ||
| CVE-2017-6462 | Hig | 0.51 | 7.8 | 0.00 | Mar 27, 2017 | Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. | ||
| CVE-2017-6460 | Hig | 0.57 | 8.8 | 0.03 | Mar 27, 2017 | Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response. | ||
| CVE-2017-6458 | Hig | 0.58 | 8.8 | 0.07 | Mar 27, 2017 | Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | ||
| CVE-2017-6455 | Hig | 0.46 | 7.0 | 0.00 | Mar 27, 2017 | NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. | ||
| CVE-2017-6452 | Hig | 0.51 | 7.8 | 0.00 | Mar 27, 2017 | Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. | ||
| CVE-2017-6451 | Hig | 0.51 | 7.8 | 0.00 | Mar 27, 2017 | The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds… | ||
| CVE-2016-9243 | Hig | 0.42 | 7.5 | 0.03 | Mar 27, 2017 | HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. | ||
| CVE-2016-4912 | Hig | 0.49 | 7.5 | 0.05 | Mar 27, 2017 | The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure. | ||
| CVE-2016-10225 | Hig | 0.54 | 7.8 | 0.04 | Mar 27, 2017 | The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug. | ||
| CVE-2015-8764 | Hig | 0.53 | 8.1 | 0.01 | Mar 27, 2017 | Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. |
- risk 0.49cvss 7.5epss 0.03
vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object."
- risk 0.53cvss 8.1epss 0.02
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection…
- risk 0.53cvss 8.1epss 0.01
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate.
- risk 0.47cvss 7.2epss 0.02
SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.
- risk 0.58cvss 7.8epss 0.54
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML…
- risk 0.49cvss 7.5epss 0.02
EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1.
- risk 0.46cvss 7.0epss 0.00
EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system.
- risk 0.55cvss 7.8epss 0.18
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the…
- risk 0.49cvss 7.5epss 0.02
HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as…
- risk 0.57cvss 8.8epss 0.00
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This…
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils…
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability…
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU…
- risk 0.49cvss 7.5epss 0.02
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while…
- risk 0.53cvss 7.5epss 0.19
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
- risk 0.60cvss 8.8epss 0.01
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root…
- risk 0.49cvss 7.5epss 0.02
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).
- risk 0.41cvss 7.3epss 0.08
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
- risk 0.51cvss 7.8epss 0.00
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service…
- risk 0.57cvss 8.8epss 0.01
Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings.
- risk 0.57cvss 8.8epss 0.01
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link…
- risk 0.57cvss 8.8epss 0.01
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.
- risk 0.47cvss 7.3epss 0.00
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file.
- risk 0.46cvss 7.1epss 0.00
The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system…
- risk 0.53cvss 8.2epss 0.02
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an…
- risk 0.53cvss 8.1epss 0.04
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB…
- risk 0.57cvss 8.8epss 0.01
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed.
- risk 0.57cvss 8.8epss 0.01
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`,…
- risk 0.57cvss 8.8epss 0.01
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially…
- risk 0.42cvss 7.5epss 0.02
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.
- risk 0.42cvss 7.5epss 0.02
go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For…
- risk 0.51cvss 7.8epss 0.00
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects…
- risk 0.57cvss 8.8epss 0.01
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.
- risk 0.57cvss 8.8epss 0.02
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM…
- risk 0.49cvss 7.5epss 0.00
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM)…
- risk 0.49cvss 7.5epss 0.02
Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"
- risk 0.49cvss 7.5epss 0.02
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors.
- risk 0.48cvss 7.4epss 0.04
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname…
- risk 0.52cvss 7.5epss 0.06
The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
- risk 0.51cvss 7.8epss 0.00
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
- risk 0.57cvss 8.8epss 0.03
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
- risk 0.58cvss 8.8epss 0.07
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
- risk 0.46cvss 7.0epss 0.00
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.
- risk 0.51cvss 7.8epss 0.00
Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.
- risk 0.51cvss 7.8epss 0.00
The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds…
- risk 0.42cvss 7.5epss 0.03
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
- risk 0.49cvss 7.5epss 0.05
The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.
- risk 0.54cvss 7.8epss 0.04
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
- risk 0.53cvss 8.1epss 0.01
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.