CVE List - 2017 / March
Showing 1201 - 1300 of 1302 CVEs for March 2017 (Page 13 of 14)
| CVE ID | Date | Description |
|---|---|---|
| CVE-2016-6846 | 2017-03-29 | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web... |
| CVE-2016-9924 | 2017-03-29 | Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. |
| CVE-2017-5671 | 2017-03-29 | Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users... |
| CVE-2017-5900 | 2017-03-29 | Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm. |
| CVE-2017-7285 | 2017-03-29 | A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets,... |
| CVE-2017-7299 | 2017-03-29 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in... |
| CVE-2017-7300 | 2017-03-29 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because... |
| CVE-2017-7301 | 2017-03-29 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully... |
| CVE-2017-7302 | 2017-03-29 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4)... |
| CVE-2017-7303 | 2017-03-29 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the... |
| CVE-2017-7304 | 2017-03-29 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the... |
| CVE-2014-3582 | 2017-03-29 | In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. |
| CVE-2016-2379 | 2017-03-29 | The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login... |
| CVE-2016-4976 | 2017-03-29 | Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. |
| CVE-2016-6349 | 2017-03-29 | The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command. |
| CVE-2017-7258 | 2017-03-29 | HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which... |
| CVE-2017-7308 | 2017-03-29 | The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness... |
| CVE-2017-4977 | 2017-03-29 | EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to... |
| CVE-2017-4980 | 2017-03-29 | EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 -... |
| CVE-2017-7310 | 2017-03-29 | A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before... |
| CVE-2016-10306 | 2017-03-30 | Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying... |
| CVE-2016-10307 | 2017-03-30 | Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is... |
| CVE-2016-10308 | 2017-03-30 | Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible... |
| CVE-2016-10309 | 2017-03-30 | In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. |
| CVE-2017-7290 | 2017-03-30 | SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses... |
| CVE-2017-7318 | 2017-03-30 | Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and... |
| CVE-2017-7320 | 2017-03-30 | setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota... |
| CVE-2017-7321 | 2017-03-30 | setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. |
| CVE-2017-7322 | 2017-03-30 | The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger... |
| CVE-2017-7323 | 2017-03-30 | The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary... |
| CVE-2017-7324 | 2017-03-30 | setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. |
| CVE-2016-10305 | 2017-03-30 | Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink <... |
| CVE-2016-7541 | 2017-03-30 | Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode.... |
| CVE-2016-7542 | 2017-03-30 | A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on... |
| CVE-2014-9804 | 2017-03-30 | vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object." |
| CVE-2014-9805 | 2017-03-30 | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. |
| CVE-2014-9806 | 2017-03-30 | ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. |
| CVE-2014-9807 | 2017-03-30 | The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. |
| CVE-2014-9808 | 2017-03-30 | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. |
| CVE-2014-9809 | 2017-03-30 | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. |
| CVE-2014-9810 | 2017-03-30 | The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. |
| CVE-2014-9811 | 2017-03-30 | The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. |
| CVE-2014-9812 | 2017-03-30 | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file. |
| CVE-2014-9813 | 2017-03-30 | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. |
| CVE-2014-9814 | 2017-03-30 | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file. |
| CVE-2014-9815 | 2017-03-30 | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. |
| CVE-2014-9816 | 2017-03-30 | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. |
| CVE-2014-9817 | 2017-03-30 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file. |
| CVE-2014-9818 | 2017-03-30 | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. |
| CVE-2014-9819 | 2017-03-30 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823. |
| CVE-2014-9820 | 2017-03-30 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. |
| CVE-2014-9821 | 2017-03-30 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. |
| CVE-2014-9822 | 2017-03-30 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file. |
| CVE-2014-9823 | 2017-03-30 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819. |
| CVE-2014-9824 | 2017-03-30 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825. |
| CVE-2014-9825 | 2017-03-30 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824. |
| CVE-2014-9826 | 2017-03-30 | ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files. |
| CVE-2017-5184 | 2017-03-30 | A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). |
| CVE-2017-5185 | 2017-03-30 | A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. |
| CVE-2017-6182 | 2017-03-30 | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. |
| CVE-2017-6183 | 2017-03-30 | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. |
| CVE-2017-6184 | 2017-03-30 | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. |
| CVE-2017-6412 | 2017-03-30 | In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. |
| CVE-2017-7253 | 2017-03-30 | Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login... |
| CVE-2017-7346 | 2017-03-30 | The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via... |
| CVE-2016-9319 | 2017-03-31 | There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. |
| CVE-2017-2647 | 2017-03-31 | The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving... |
| CVE-2017-6973 | 2017-03-31 | A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2,... |
| CVE-2017-7241 | 2017-03-31 | A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content... |
| CVE-2017-7309 | 2017-03-31 | A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This... |
| CVE-2017-7359 | 2017-03-31 | Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. |
| CVE-2017-7360 | 2017-03-31 | Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. |
| CVE-2017-7361 | 2017-03-31 | Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. |
| CVE-2017-7362 | 2017-03-31 | Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. |
| CVE-2017-7363 | 2017-03-31 | Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. |
| CVE-2008-7313 | 2017-03-31 | The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796. |
| CVE-2014-5008 | 2017-03-31 | Snoopy allows remote attackers to execute arbitrary commands. |
| CVE-2014-5009 | 2017-03-31 | Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. |
| CVE-2014-9114 | 2017-03-31 | Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. |
| CVE-2015-4624 | 2017-03-31 | Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. |
| CVE-2016-6209 | 2017-03-31 | Cross-site scripting (XSS) vulnerability in Nagios. |
| CVE-2017-3009 | 2017-03-31 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure. |
| CVE-2017-3010 | 2017-03-31 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code... |
| CVE-2014-3931 | 2017-03-31 | fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption. |
| CVE-2016-6022 | 2017-03-31 | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2016-6031 | 2017-03-31 | IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2016-6036 | 2017-03-31 | IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2016-6111 | 2017-03-31 | IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote... |
| CVE-2016-8917 | 2017-03-31 | IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the... |
| CVE-2016-8935 | 2017-03-31 | IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2016-9707 | 2017-03-31 | IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability... |
| CVE-2016-9990 | 2017-03-31 | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2017-1154 | 2017-03-31 | IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users.... |
| CVE-2017-1171 | 2017-03-31 | The IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference... |
| CVE-2017-2775 | 2017-03-31 | An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file... |
| CVE-2016-6560 | 2017-03-31 | illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. |
| CVE-2016-6561 | 2017-03-31 | illumos smbsrv NULL pointer dereference allows system crash. |
| CVE-2017-7374 | 2017-03-31 | Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys... |
| CVE-2016-8032 | 2017-03-31 | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. |
| CVE-2017-7386 | 2017-03-31 | citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). |