2017-03-27
2017-03-27 02:59Z
HIGH

CVE-2017-6068 — Intelliants Subrion_cms: Subrion CMS 4.0.5 has CSRF in admin/blocks/add/.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6068

Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDIntelliantsVNDSubrionTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-27
2017-03-27 02:59Z
HIGH

CVE-2017-6066 — Intelliants Subrion_cms: Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6066

Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDIntelliantsVNDSubrionTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-27
2017-03-27 02:59Z
CRIT

CVE-2017-6013 — Intelliants Subrion_cms: Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6013

Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDIntelliantsVNDSubrionTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-27
2017-03-27 02:59Z
HIGH

CVE-2017-6002 — Intelliants Subrion_cms: Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6002

Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDIntelliantsVNDSubrionTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-26
2017-03-26 18:59Z
CRIT

CVE-2017-2641 — Moodle Moodle: In Moodle 2.x and 3.x, SQL injection can occur via user preferences.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2641

In Moodle 2.x and 3.x, SQL injection can occur via user preferences. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDMoodleTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-26
2017-03-26 05:59Z
HIGH

CVE-2016-10273 — Jensenofscandinavia Air\: Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10273

Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary code or crash the web service via the (1) ateFunc, (2) ateGain, (3) ateTxCount, (4) ateChan, (5) ateRate, (6) ateMacID, (7) e2pTxPower1, (8) e2pTxPower2, (9) e2pTxPower3, (10) e2pTxPower4, (11) e2pTxPower5, (12) e2pTxP CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDJensenofscandinaviaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-24
2017-03-24 15:59Z
CRIT

CVE-2017-5511 — Imagemagick Imagemagick: coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5511

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDImagemagickTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-03-24
2017-03-24 15:59Z
CRIT

CVE-2017-5337 — Opensuse Leap: Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5337

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDGnuTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-24
2017-03-24 15:59Z
CRIT

CVE-2017-5336 — Opensuse Leap: Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5336

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDGnuVNDStackTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-24
2017-03-24 15:59Z
CRIT

CVE-2017-5334 — Opensuse Leap: Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5334

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. CVSSv3.1 9.8 (CRITICAL)

CWECWE 415VNDGnuVNDDoubleTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-24
2017-03-24 15:59Z
CRIT

CVE-2016-6206 — Huawei Ar3200_firmware: AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6206

Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet. CVSSv3.1 9.8 (CRITICAL)

CWECWE 20VNDHuaweiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-24
2017-03-24 15:59Z
CRIT

CVE-2016-10145 — Imagemagick Imagemagick: Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10145

Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. CVSSv3.1 9.8 (CRITICAL)

CWECWE 189VNDImagemagickVNDOffTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-24
2017-03-24 15:59Z
CRIT

CVE-2016-10144 — Imagemagick Imagemagick: coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10144

coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. CVSSv3.1 9.8 (CRITICAL)

CWECWE 284VNDImagemagickTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-24
2017-03-24 15:59Z
CRIT

CVE-2016-10133 — Artifex Mujs: Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10133

Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDHeapVNDArtifexTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-24
2017-03-24 15:59Z
CRIT

CVE-2016-10128 — Libgit2_project Libgit2: Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10128

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDBufferVNDLibgit2 ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-24
2017-03-24 14:59Z
HIGH

CVE-2017-6087 — Eonweb_project Eonweb: EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6087

EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php. CVSSv3.1 8.8 (HIGH)

CWECWE 78VNDEonweb ProjectVNDEyesofnetworkTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-24
2017-03-24 14:59Z
HIGH

CVE-2017-5869 — Nuxeo Nuxeo: Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5869

Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header. CVSSv3.1 8.8 (HIGH)

CWECWE 22VNDNuxeoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-24
2017-03-24 14:59Z
CRIT

CVE-2015-8556 — Qemu Qemu: Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8556

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. CVSSv3.1 10.0 (CRITICAL)

CWECWE 362VNDQemuTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2017-03-24
2017-03-24 07:59Z
HIGH

CVE-2017-5199 — Solarwinds Log_and_event_manager: The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5199

The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. CVSSv3.1 8.8 (HIGH)

CWECWE 732VNDSolarwindsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-24
2017-03-24 07:59Z
HIGH

CVE-2017-5198 — Solarwinds Log_and_event_manager: LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5198

SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. CVSSv3.1 8.8 (HIGH)

VNDSolarwindsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-23
2017-03-23 20:59Z
CRIT

CVE-2017-6950 — Sap Gui_for_windows: GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6950

SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. CVSSv3.1 9.8 (CRITICAL)

CWECWE 732VNDSapTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 20:59Z
CRIT

CVE-2017-6895 — Usb_pratirodh_project Usb_pratirodh: USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6895

USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. CVSSv3.1 9.8 (CRITICAL)

CWECWE 611VNDUsb Pratirodh ProjectVNDUsbTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 20:59Z
CRIT

CVE-2017-6517 — Microsoft Skype: 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6517

Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe proces CVSSv3.1 9.8 (CRITICAL)

CWECWE 427VNDMicrosoftTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 20:59Z
CRIT

CVE-2015-8626 — Mediawiki Mediawiki: The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8626

The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack. CVSSv3.1 9.8 (CRITICAL)

CWECWE 255VNDMediawikiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 20:59Z
HIGH

CVE-2015-8624 — Mediawiki Mediawiki: The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8624

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDMediawikiTYPVulnerability
8.8
CVSS v3.1
94
Edit Score