CVE List - 2017 / April

Showing 401 - 500 of 1568 CVEs for April 2017 (Page 5 of 16)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-0580 | 2017-04-07 | An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated... |
| CVE-2017-0581 | 2017-04-07 | An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated... |
| CVE-2017-0582 | 2017-04-07 | An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue... |
| CVE-2017-0583 | 2017-04-07 | An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is... |
| CVE-2017-0584 | 2017-04-07 | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because... |
| CVE-2017-0585 | 2017-04-07 | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because... |
| CVE-2017-0586 | 2017-04-07 | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because... |
| CVE-2017-6019 | 2017-04-07 | An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it... |
| CVE-2017-6033 | 2017-04-07 | A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is... |
| CVE-2017-7590 | 2017-04-09 | OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. |
| CVE-2017-7589 | 2017-04-09 | In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code... |
| CVE-2017-7591 | 2017-04-09 | OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. |
| CVE-2017-7592 | 2017-04-09 | The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have... |
| CVE-2017-7593 | 2017-04-09 | tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. |
| CVE-2017-7594 | 2017-04-09 | The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. |
| CVE-2017-7595 | 2017-04-09 | The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. |
| CVE-2017-7596 | 2017-04-09 | LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or... |
| CVE-2017-7597 | 2017-04-09 | tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application... |
| CVE-2017-7598 | 2017-04-09 | tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. |
| CVE-2017-7599 | 2017-04-09 | LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or... |
| CVE-2017-7600 | 2017-04-09 | LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash)... |
| CVE-2017-7601 | 2017-04-09 | LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly... |
| CVE-2017-7602 | 2017-04-09 | LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. |
| CVE-2017-7603 | 2017-04-09 | au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other... |
| CVE-2017-7604 | 2017-04-09 | au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified... |
| CVE-2017-7605 | 2017-04-09 | aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact... |
| CVE-2017-7606 | 2017-04-09 | coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service... |
| CVE-2017-7607 | 2017-04-09 | The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
| CVE-2017-7608 | 2017-04-09 | The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
| CVE-2017-7609 | 2017-04-09 | elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. |
| CVE-2017-7610 | 2017-04-09 | The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
| CVE-2017-7611 | 2017-04-09 | The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
| CVE-2017-7612 | 2017-04-09 | The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
| CVE-2017-7613 | 2017-04-09 | elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a... |
| CVE-2017-7614 | 2017-04-09 | elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote... |
| CVE-2014-2960 | 2017-04-10 | Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files. |
| CVE-2015-2880 | 2017-04-10 | TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. |
| CVE-2015-2881 | 2017-04-10 | Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. |
| CVE-2015-2882 | 2017-04-10 | Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500... |
| CVE-2015-2883 | 2017-04-10 | Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. |
| CVE-2015-2884 | 2017-04-10 | Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi. |
| CVE-2015-2885 | 2017-04-10 | Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest... |
| CVE-2015-2886 | 2017-04-10 | iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service. |
| CVE-2015-2887 | 2017-04-10 | iBaby M3S has a password of admin for the backdoor admin account. |
| CVE-2015-2888 | 2017-04-10 | Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service. |
| CVE-2015-2889 | 2017-04-10 | Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL. |
| CVE-2015-6021 | 2017-04-10 | Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. |
| CVE-2015-6027 | 2017-04-10 | Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP. |
| CVE-2015-6028 | 2017-04-10 | Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. |
| CVE-2015-6035 | 2017-04-10 | Opsview before 2015-11-06 has XSS via SNMP. |
| CVE-2015-7260 | 2017-04-10 | Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file. |
| CVE-2015-7263 | 2017-04-10 | The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value. |
| CVE-2015-7264 | 2017-04-10 | The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. |
| CVE-2015-7265 | 2017-04-10 | Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks. |
| CVE-2015-7270 | 2017-04-10 | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. |
| CVE-2015-7271 | 2017-04-10 | Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. |
| CVE-2015-7272 | 2017-04-10 | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via... |
| CVE-2015-7273 | 2017-04-10 | Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. |
| CVE-2015-7274 | 2017-04-10 | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. |
| CVE-2015-7275 | 2017-04-10 | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. |
| CVE-2015-7292 | 2017-04-10 | Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact... |
| CVE-2015-8255 | 2017-04-10 | AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. |
| CVE-2015-8258 | 2017-04-10 | AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." |
| CVE-2015-8275 | 2017-04-10 | LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files. |
| CVE-2015-8276 | 2017-04-10 | LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files. |
| CVE-2016-1516 | 2017-04-10 | OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. |
| CVE-2016-1517 | 2017-04-10 | OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks. |
| CVE-2016-4317 | 2017-04-10 | Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. |
| CVE-2016-4318 | 2017-04-10 | Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. |
| CVE-2016-4319 | 2017-04-10 | Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. |
| CVE-2016-4320 | 2017-04-10 | Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. |
| CVE-2016-4334 | 2017-04-10 | Jive before 2016.3.1 has an open redirect from the external-link.jspa page. |
| CVE-2016-5051 | 2017-04-10 | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application. |
| CVE-2016-5052 | 2017-04-10 | OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning. |
| CVE-2016-5053 | 2017-04-10 | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. |
| CVE-2016-5054 | 2017-04-10 | OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay. |
| CVE-2016-5055 | 2017-04-10 | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page. |
| CVE-2016-5056 | 2017-04-10 | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK. |
| CVE-2016-5057 | 2017-04-10 | OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning. |
| CVE-2016-5058 | 2017-04-10 | OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. |
| CVE-2016-5059 | 2017-04-10 | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application. |
| CVE-2016-5065 | 2017-04-10 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. |
| CVE-2016-5066 | 2017-04-10 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. |
| CVE-2016-5067 | 2017-04-10 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. |
| CVE-2016-5068 | 2017-04-10 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. |
| CVE-2016-5069 | 2017-04-10 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. |
| CVE-2016-5070 | 2017-04-10 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. |
| CVE-2016-5071 | 2017-04-10 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. |
| CVE-2016-5072 | 2017-04-10 | OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9,... |
| CVE-2016-5073 | 2017-04-10 | CloudView NMS before 2.10a has XSS via SNMP. |
| CVE-2016-5074 | 2017-04-10 | CloudView NMS before 2.10a has a format string issue exploitable over SNMP. |
| CVE-2016-5075 | 2017-04-10 | CloudView NMS before 2.10a has XSS via a TELNET login. |
| CVE-2016-5076 | 2017-04-10 | CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def. |
| CVE-2016-5077 | 2017-04-10 | Netikus EventSentry before 3.2.1.44 has XSS via SNMP. |
| CVE-2016-5078 | 2017-04-10 | Paessler PRTG before 16.2.24.4045 has XSS via SNMP. |
| CVE-2016-5642 | 2017-04-10 | Opmantek NMIS before 8.5.12G has XSS via SNMP. |
| CVE-2016-5682 | 2017-04-10 | Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. |
| CVE-2016-6534 | 2017-04-10 | Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations. |
| CVE-2015-8378 | 2017-04-10 | In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading... |
| CVE-2016-10304 | 2017-04-10 | The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java... |