2017-03-23
2017-03-23 20:59Z
HIGH

CVE-2015-8623 — Mediawiki Mediawiki: The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8623

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDMediawikiTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-23
2017-03-23 20:59Z
CRIT

CVE-2015-5729 — Samsung Nt14u_firmware: The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-5729

The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack. CVSSv3.1 9.8 (CRITICAL)

CWECWE 200VNDSamsungVNDSoftTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 20:59Z
CRIT

CVE-2015-4166 — Cloudera Key_trustee_server: Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-4166

Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key. CVSSv3.1 9.8 (CRITICAL)

CWECWE 320VNDClouderaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 20:59Z
CRIT

CVE-2015-0855 — Pitivi Pitivi: The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-0855

The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDPitiviTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 17:59Z
CRIT

CVE-2014-8731 — Phpmemcachedadmin_project Phpmemcachedadmin: 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-8731

PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDPhpmemcachedadmin ProjectVNDPhpmemcachedadminTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 17:59Z
CRIT

CVE-2014-7279 — Kankunit Konke_smart_plug_firmware: The Konke Smart Plug K does not require authentication for TELNET sessions, which allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-7279

The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. CVSSv3.1 9.8 (CRITICAL)

CWECWE 264VNDKankunitVNDKonkeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 16:59Z
CRIT

CVE-2017-6361 — Qnap Qts: before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6361

QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 78VNDQnapTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-03-23
2017-03-23 16:59Z
CRIT

CVE-2017-6360 — Qnap Qts: before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6360

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 78VNDQnapTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 16:59Z
CRIT

CVE-2017-6359 — Qnap Qts: before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6359

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 78VNDQnapTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 16:59Z
CRIT

CVE-2017-5897 — Linux Linux_kernel: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5897

The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. CVSSv3.1 9.8 (CRITICAL)

CWECWE 125VNDCanonicalTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 16:59Z
CRIT

CVE-2017-5538 — Samsung Samsung_mobile: The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5538

The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362. CVSSv3.1 9.8 (CRITICAL)

CWECWE 125VNDSamsungTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 16:59Z
CRIT

CVE-2017-5206 — Firejail_project Firejail: before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5206

Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. CVSSv3.1 9.0 (CRITICAL)

VNDFirejail ProjectVNDFirejailTYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2017-03-23
2017-03-23 06:59Z
HIGH

CVE-2016-5758 — Netiq Access_manager: A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5758

A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDNetiqTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-23
2017-03-23 06:59Z
CRIT

CVE-2016-5757 — Netiq Access_manager: iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5757

iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials. CVSSv3.1 9.8 (CRITICAL)

CWECWE 200VNDNetiqTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-23
2017-03-23 06:59Z
HIGH

CVE-2016-5750 — Netiq Access_manager: The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5750

The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. CVSSv3.1 8.8 (HIGH)

CWECWE 284VNDNetiqTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-23
2017-03-23 06:59Z
HIGH

CVE-2016-1597 — Netiq Access_governance_suite: A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-1597

A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator. CVSSv3.1 8.8 (HIGH)

CWECWE 264VNDNetiqTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-23
2017-03-23 04:59Z
HIGH

CVE-2017-7235 — Cloudflare-scrape_project Cloudflare-scrape: An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-7235

An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0. CVSSv3.1 8.8 (HIGH)

CWECWE 20VNDCloudflare Scrape ProjectTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-22
2017-03-22 20:59Z
CRIT

CVE-2017-6972 — Alienvault Ossim: USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6972

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971. CVSSv3.1 9.8 (CRITICAL)

CWECWE 273VNDAlienvaultVNDNfsenTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-22
2017-03-22 19:59Z
HIGH

CVE-2017-3864 — Cisco Ios: A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3864

A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker CVSSv3.1 8.6 (HIGH)

CWECWE 399VNDCiscoVNDDhcpTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-03-22
2017-03-22 19:59Z
HIGH

CVE-2017-3858 — Cisco Ios_xe: A vulnerability in the web framework of Cisco IOS XE Software could allow an

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3858

A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected web page parameter. The user must be authenticated to access the affected paramete CVSSv3.1 8.8 (HIGH)

CWECWE 20VNDCiscoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-22
2017-03-22 19:59Z
CRIT

CVE-2017-3853 — Cisco Iox: A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3853

A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDCiscoTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-22
2017-03-22 19:59Z
HIGH

CVE-2017-3852 — Cisco Iox: A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3852

A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The imp CVSSv3.1 8.1 (HIGH)

CWECWE 20VNDCiscoTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-22
2017-03-22 18:59Z
CRIT

CVE-2017-7230 — Disksorter Disk_sorter: A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-7230

A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDDisksorterVNDDiskTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-22
2017-03-22 16:59Z
CRIT

CVE-2017-7226 — Gnu Binutils: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-7226

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. CVSSv3.1 9.1 (CRITICAL)

CWECWE 125VNDGnuVNDBinaryTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-03-22
2017-03-22 14:59Z
HIGH

CVE-2017-6971 — Alienvault Ossim: USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6971

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. CVSSv3.1 8.8 (HIGH)

CWECWE 74VNDAlienvaultVNDNfsenTYPVulnerability
8.8
CVSS v3.1
94
Edit Score