Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2017-2446 — Apple Safari: It allows remote attackers to execute arbitrary code via a crafted web site that
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. CVSSv3.1 8.8 (HIGH)
CVE-2017-2444 — Apple Safari: It allows remote attackers to execute arbitrary code or cause a denial of service
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)
CVE-2017-2434 — Apple Iphone_os: It allows attackers to have an unspecified impact by leveraging the presence of Home
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-2433 — Apple Safari: It allows remote attackers to execute arbitrary code or cause a denial of service
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)
CVE-2017-2428 — Apple Iphone_os: It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors.
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-2423 — Apple Iphone_os: It allows remote attackers to bypass intended access restrictions by leveraging a successful result
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-2415 — Apple Iphone_os: It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion."
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion." CVSSv3.1 8.8 (HIGH)
CVE-2017-2405 — Apple Safari: It allows remote attackers to execute arbitrary code or cause a denial of service
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)
CVE-2017-2403 — Apple Mac_os_x: A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL. CVSSv3.1 8.8 (HIGH)
CVE-2017-2402 — Apple Mac_os_x: It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-2396 — Apple Safari: It allows remote attackers to execute arbitrary code or cause a denial of service
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)
CVE-2017-2395 — Apple Safari: It allows remote attackers to execute arbitrary code or cause a denial of service
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)
CVE-2017-2394 — Apple Safari: It allows remote attackers to execute arbitrary code or cause a denial of service
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)
CVE-2017-2389 — Apple Safari: It allows remote attackers to spoof an HTTP authentication sheet or cause a denial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site. CVSSv3.1 8.1 (HIGH)
CVE-2017-2381 — Apple Mac_os_x: It allows remote authenticated users to gain privileges by leveraging membership in the admin
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server. CVSSv3.1 8.8 (HIGH)
CVE-2017-2378 — Apple Safari: It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions. CVSSv3.1 8.8 (HIGH)
CVE-2017-7393 — Tigervnc Tigervnc: In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. CVSSv3.1 8.8 (HIGH)
CVE-2016-6560 — Illumos Illumos: osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a
illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. CVSSv3.1 8.6 (HIGH)
CVE-2016-9707 — Ibm Rational_rhapsody_design_manager: Jazz Foundation is vulnerable to a denial of service, caused by an XML
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. CVSSv3.1 8.1 (HIGH)
CVE-2016-8917 — Ibm Sterling_selling_and_fulfillment_foundation: Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943. CVSSv3.1 8.8 (HIGH)
CVE-2016-6111 — Ibm Curam_social_program_management: Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833. CVSSv3.1 9.1 (CRITICAL)
CVE-2017-3010 — Adobe Acrobat: Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 9.8 (CRITICAL)
CVE-2014-5009 — Snoopy Snoopy: allows remote attackers to execute arbitrary commands.
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. CVSSv3.1 9.8 (CRITICAL)
CVE-2014-5008 — Snoopy Snoopy: allows remote attackers to execute arbitrary commands.
Snoopy allows remote attackers to execute arbitrary commands. CVSSv3.1 9.8 (CRITICAL)
CVE-2008-7313 — Snoopy Snoopy: The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands.
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. CVSSv3.1 9.8 (CRITICAL)