2017-04-02
2017-04-02 01:59Z
HIGH

CVE-2017-2446 — Apple Safari: It allows remote attackers to execute arbitrary code via a crafted web site that

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2446

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. CVSSv3.1 8.8 (HIGH)

VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-04-02
2017-04-02 01:59Z
HIGH

CVE-2017-2444 — Apple Safari: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2444

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-04-02
2017-04-02 01:59Z
CRIT

CVE-2017-2434 — Apple Iphone_os: It allows attackers to have an unspecified impact by leveraging the presence of Home

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2434

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center. CVSSv3.1 9.8 (CRITICAL)

CWECWE 20VNDAppleTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-04-02
2017-04-02 01:59Z
HIGH

CVE-2017-2433 — Apple Safari: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2433

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-04-02
2017-04-02 01:59Z
CRIT

CVE-2017-2428 — Apple Iphone_os: It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2428

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors. CVSSv3.1 9.8 (CRITICAL)

VNDAppleTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-04-02
2017-04-02 01:59Z
CRIT

CVE-2017-2423 — Apple Iphone_os: It allows remote attackers to bypass intended access restrictions by leveraging a successful result

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2423

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature. CVSSv3.1 9.8 (CRITICAL)

CWECWE 347VNDAppleTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-04-02
2017-04-02 01:59Z
HIGH

CVE-2017-2415 — Apple Iphone_os: It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion."

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2415

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion." CVSSv3.1 8.8 (HIGH)

VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-04-02
2017-04-02 01:59Z
HIGH

CVE-2017-2405 — Apple Safari: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2405

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-04-02
2017-04-02 01:59Z
HIGH

CVE-2017-2403 — Apple Mac_os_x: A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2403

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL. CVSSv3.1 8.8 (HIGH)

CWECWE 134VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-04-02
2017-04-02 01:59Z
CRIT

CVE-2017-2402 — Apple Mac_os_x: It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2402

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained. CVSSv3.1 9.8 (CRITICAL)

VNDAppleTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-04-02
2017-04-02 01:59Z
HIGH

CVE-2017-2396 — Apple Safari: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2396

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-04-02
2017-04-02 01:59Z
HIGH

CVE-2017-2395 — Apple Safari: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2395

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-04-02
2017-04-02 01:59Z
HIGH

CVE-2017-2394 — Apple Safari: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2394

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-04-02
2017-04-02 01:59Z
HIGH

CVE-2017-2389 — Apple Safari: It allows remote attackers to spoof an HTTP authentication sheet or cause a denial

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2389

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site. CVSSv3.1 8.1 (HIGH)

VNDAppleTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-04-02
2017-04-02 01:59Z
HIGH

CVE-2017-2381 — Apple Mac_os_x: It allows remote authenticated users to gain privileges by leveraging membership in the admin

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2381

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server. CVSSv3.1 8.8 (HIGH)

VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-04-02
2017-04-02 01:59Z
HIGH

CVE-2017-2378 — Apple Safari: It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2378

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions. CVSSv3.1 8.8 (HIGH)

CWECWE 20VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-04-01
2017-04-01 02:59Z
HIGH

CVE-2017-7393 — Tigervnc Tigervnc: In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-7393

In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 415VNDTigervncTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-31
2017-03-31 19:59Z
HIGH

CVE-2016-6560 — Illumos Illumos: osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6560

illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. CVSSv3.1 8.6 (HIGH)

CWECWE 20CWECWE 195TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-03-31
2017-03-31 18:59Z
HIGH

CVE-2016-9707 — Ibm Rational_rhapsody_design_manager: Jazz Foundation is vulnerable to a denial of service, caused by an XML

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9707

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. CVSSv3.1 8.1 (HIGH)

CWECWE 611VNDIbmTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-31
2017-03-31 18:59Z
HIGH

CVE-2016-8917 — Ibm Sterling_selling_and_fulfillment_foundation: Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8917

IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-31
2017-03-31 18:59Z
CRIT

CVE-2016-6111 — Ibm Curam_social_program_management: Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6111

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833. CVSSv3.1 9.1 (CRITICAL)

CWECWE 611VNDIbmTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-03-31
2017-03-31 16:59Z
CRIT

CVE-2017-3010 — Adobe Acrobat: Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3010

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDAdobeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-31
2017-03-31 16:59Z
CRIT

CVE-2014-5009 — Snoopy Snoopy: allows remote attackers to execute arbitrary commands.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-5009

Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. CVSSv3.1 9.8 (CRITICAL)

CWECWE 77VNDSnoopyVNDNagiosTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-31
2017-03-31 16:59Z
CRIT

CVE-2014-5008 — Snoopy Snoopy: allows remote attackers to execute arbitrary commands.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-5008

Snoopy allows remote attackers to execute arbitrary commands. CVSSv3.1 9.8 (CRITICAL)

CWECWE 77VNDSnoopyTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-31
2017-03-31 16:59Z
CRIT

CVE-2008-7313 — Snoopy Snoopy: The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2008-7313

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. CVSSv3.1 9.8 (CRITICAL)

CWECWE 77VNDSnoopyVNDNagiosTYPVulnerability
9.8
CVSS v3.1
99
Edit Score