CVE List - 2017 / April
Showing 701 - 800 of 1568 CVEs for April 2017 (Page 8 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2016-4893 | 2017-04-12 | SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2016-4894 | 2017-04-12 | SetsucoCMS all versions allows remote attackers to cause a denial of service via unspecified vectors. |
| CVE-2016-4895 | 2017-04-12 | SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors. |
| CVE-2016-4896 | 2017-04-12 | SetsucoCMS all versions does not properly manage sessions, which allows remote attackers to disclose or alter unauthorized information via unspecified vectors. |
| CVE-2016-4897 | 2017-04-12 | Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690. |
| CVE-2016-5313 | 2017-04-12 | Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. |
| CVE-2016-5856 | 2017-04-12 | Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857. |
| CVE-2016-6348 | 2017-04-12 | JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. |
| CVE-2017-5936 | 2017-04-12 | OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions. |
| CVE-2017-7279 | 2017-04-12 | An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. |
| CVE-2017-7280 | 2017-04-12 | An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code... |
| CVE-2017-7281 | 2017-04-12 | An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user... |
| CVE-2017-7284 | 2017-04-12 | An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current... |
| CVE-2017-7700 | 2017-04-12 | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c... |
| CVE-2017-7701 | 2017-04-12 | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed... |
| CVE-2017-7702 | 2017-04-12 | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed... |
| CVE-2017-7703 | 2017-04-12 | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating... |
| CVE-2017-7704 | 2017-04-12 | In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using... |
| CVE-2017-7705 | 2017-04-12 | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This... |
| CVE-2017-7745 | 2017-04-12 | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed... |
| CVE-2017-7746 | 2017-04-12 | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed... |
| CVE-2017-7747 | 2017-04-12 | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting... |
| CVE-2017-7748 | 2017-04-12 | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed... |
| CVE-2017-7626 | 2017-04-13 | The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method). |
| CVE-2017-7627 | 2017-04-13 | The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check). |
| CVE-2017-7628 | 2017-04-13 | The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). |
| CVE-2012-6697 | 2017-04-13 | InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop). |
| CVE-2014-2710 | 2017-04-13 | Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page... |
| CVE-2015-1838 | 2017-04-13 | modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. |
| CVE-2015-1839 | 2017-04-13 | modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. |
| CVE-2015-6674 | 2017-04-13 | Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete... |
| CVE-2015-7565 | 2017-04-13 | Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote... |
| CVE-2015-7740 | 2017-04-13 | Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes... |
| CVE-2015-8107 | 2017-04-13 | Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. |
| CVE-2015-8223 | 2017-04-13 | Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted... |
| CVE-2015-8270 | 2017-04-13 | The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash). |
| CVE-2015-8271 | 2017-04-13 | The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code. |
| CVE-2015-8272 | 2017-04-13 | RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash). |
| CVE-2015-8282 | 2017-04-13 | SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account. |
| CVE-2015-8283 | 2017-04-13 | Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00. |
| CVE-2015-8284 | 2017-04-13 | SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions. |
| CVE-2015-8864 | 2017-04-13 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability... |
| CVE-2016-10117 | 2017-04-13 | Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc. |
| CVE-2016-10118 | 2017-04-13 | Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /. |
| CVE-2016-10119 | 2017-04-13 | Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges. |
| CVE-2016-10120 | 2017-04-13 | Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges. |
| CVE-2016-10121 | 2017-04-13 | Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges. |
| CVE-2016-10122 | 2017-04-13 | Firejail does not properly clean environment variables, which allows local users to gain privileges. |
| CVE-2016-10123 | 2017-04-13 | Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. |
| CVE-2016-1132 | 2017-04-13 | Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. |
| CVE-2016-1914 | 2017-04-13 | Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to... |
| CVE-2016-1915 | 2017-04-13 | Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1)... |
| CVE-2016-2104 | 2017-04-13 | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name,... |
| CVE-2016-2555 | 2017-04-13 | SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. |
| CVE-2016-3106 | 2017-04-13 | Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner. |
| CVE-2016-4068 | 2017-04-13 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability... |
| CVE-2016-4800 | 2017-04-13 | The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL... |
| CVE-2016-4970 | 2017-04-13 | handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop). |
| CVE-2016-6143 | 2017-04-13 | SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. |
| CVE-2017-7219 | 2017-04-13 | A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary... |
| CVE-2010-1816 | 2017-04-13 | Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a... |
| CVE-2010-1821 | 2017-04-13 | Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. |
| CVE-2014-7920 | 2017-04-13 | mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. |
| CVE-2014-7921 | 2017-04-13 | mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. |
| CVE-2016-10324 | 2017-04-13 | In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. |
| CVE-2016-10325 | 2017-04-13 | In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS. |
| CVE-2016-10326 | 2017-04-13 | In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS. |
| CVE-2017-7853 | 2017-04-13 | In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote... |
| CVE-2015-8780 | 2017-04-13 | Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury. |
| CVE-2016-2036 | 2017-04-13 | The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger... |
| CVE-2016-2565 | 2017-04-13 | Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081. |
| CVE-2016-2566 | 2017-04-13 | Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. |
| CVE-2016-2567 | 2017-04-13 | secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional... |
| CVE-2016-4030 | 2017-04-13 | Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy... |
| CVE-2016-4031 | 2017-04-13 | Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy... |
| CVE-2016-4032 | 2017-04-13 | Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy... |
| CVE-2017-7854 | 2017-04-13 | The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. |
| CVE-2012-1301 | 2017-04-13 | The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. |
| CVE-2013-6648 | 2017-04-13 | SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash). |
| CVE-2013-6662 | 2017-04-13 | Google Chrome caches TLS sessions before certificate validation occurs. |
| CVE-2014-3887 | 2017-04-13 | Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability... |
| CVE-2015-2947 | 2017-04-13 | KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic. |
| CVE-2015-4646 | 2017-04-13 | (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input. |
| CVE-2015-8345 | 2017-04-13 | The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. |
| CVE-2015-8567 | 2017-04-13 | Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). |
| CVE-2015-8619 | 2017-04-13 | The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). |
| CVE-2016-1155 | 2017-04-13 | HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. |
| CVE-2016-4898 | 2017-04-13 | The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. |
| CVE-2016-4899 | 2017-04-13 | The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. |
| CVE-2016-7834 | 2017-04-13 | SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520,... |
| CVE-2017-7725 | 2017-04-13 | concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings.... |
| CVE-2016-6818 | 2017-04-13 | SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative... |
| CVE-2016-8712 | 2017-04-13 | An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and... |
| CVE-2016-8720 | 2017-04-13 | An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a... |
| CVE-2016-8722 | 2017-04-13 | An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information... |
| CVE-2016-8723 | 2017-04-13 | An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will... |
| CVE-2016-8724 | 2017-04-13 | An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve... |
| CVE-2016-8725 | 2017-04-13 | An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive... |
| CVE-2016-8726 | 2017-04-13 | An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank... |
| CVE-2016-8727 | 2017-04-13 | An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system... |