2017-03-22
2017-03-22 14:59Z
HIGH

CVE-2017-6970 — Alienvault Ossim: USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6970

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. CVSSv3.1 8.4 (HIGH)

CWECWE 78VNDAlienvaultVNDNfsenTYPVulnerability
8.4
CVSS v3.1
92
Edit Score
2017-03-22
2017-03-22 05:59Z
HIGH

CVE-2017-5874 — D-link Dir-600m_firmware: CSRF exists on D-Link DIR-600M Rev.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5874

CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDD LinkVNDCsrfTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-21
2017-03-21 18:59Z
CRIT

CVE-2017-7214 — Openstack Nova: An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-7214

An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. CVSSv3.1 9.8 (CRITICAL)

CWECWE 532VNDOpenstackTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-21
2017-03-21 16:59Z
HIGH

CVE-2016-4504 — Meteocontrol Weblog: A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-4504

A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDMeteocontrolTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-21
2017-03-21 06:59Z
CRIT

CVE-2014-9939 — Gnu Binutils: ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-9939

ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDGnuTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-20
2017-03-20 20:59Z
HIGH

CVE-2016-4929 — Juniper Junos_space: Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-4929

Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. CVSSv3.1 8.8 (HIGH)

CWECWE 77VNDJuniperVNDCommandTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-20
2017-03-20 20:59Z
HIGH

CVE-2016-4928 — Juniper Junos_space: Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-4928

Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDJuniperTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-03-20
2017-03-20 20:59Z
HIGH

CVE-2016-4927 — Juniper Junos_space: Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-4927

Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. CVSSv3.1 8.1 (HIGH)

CWECWE 20VNDJuniperVNDSshTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-20
2017-03-20 20:59Z
CRIT

CVE-2016-4926 — Juniper Junos_space: Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-4926

Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication. CVSSv3.1 9.8 (CRITICAL)

CWECWE 287VNDJuniperVNDJunosTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-20
2017-03-20 16:59Z
HIGH

CVE-2017-6803 — Solarwinds Ftp_voyager: Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6803

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDSolarwindsVNDCsrfTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-20
2017-03-20 16:59Z
CRIT

CVE-2017-6550 — Kinsey Infor-lawson: Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6550

Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDKinseyTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-20
2017-03-20 16:59Z
HIGH

CVE-2017-1151 — Ibm Websphere_application_server: WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-1151

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293. CVSSv3.1 8.1 (HIGH)

VNDIbmTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-20
2017-03-20 16:59Z
HIGH

CVE-2017-1145 — Ibm Websphere_mq: WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-1145

IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672. CVSSv3.1 8.6 (HIGH)

CWECWE 404VNDIbmTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-03-20
2017-03-20 16:59Z
HIGH

CVE-2015-8983 — Gnu Glibc: Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8983

Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. CVSSv3.1 8.1 (HIGH)

CWECWE 190VNDGnuTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-20
2017-03-20 16:59Z
CRIT

CVE-2015-8954 — Openinfosecfoundation Suricata: The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8954

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request. CVSSv3.1 9.8 (CRITICAL)

CWECWE 264VNDOpeninfosecfoundationVNDMemcmplowercaseTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-20
2017-03-20 16:59Z
CRIT

CVE-2014-9847 — Opensuse_project Studio_onsite: The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-9847

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDImagemagickVNDOpensuse ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-20
2017-03-20 16:59Z
CRIT

CVE-2014-9846 — Suse Studio_onsite: Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-9846

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDBufferVNDOpensuse ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-20
2017-03-20 16:59Z
CRIT

CVE-2014-9843 — Opensuse Opensuse: The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-9843

The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDOpensuse ProjectVNDDecodepsdpixelsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-20
2017-03-20 16:59Z
CRIT

CVE-2014-9841 — Opensuse Opensuse: The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-9841

The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions." CVSSv3.1 9.8 (CRITICAL)

CWECWE 388VNDOpensuse ProjectVNDReadpsdlayersTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-20
2017-03-20 00:59Z
HIGH

CVE-2014-9938 — Git-scm Git: contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-9938

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 116VNDGitVNDGit ScmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-18
2017-03-18 20:59Z
HIGH

CVE-2017-7178 — Deluge-torrent Deluge: CSRF was discovered in the web UI in Deluge before 1.3.14.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-7178

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDCsrfVNDDeluge TorrentTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-18
2017-03-18 20:59Z
CRIT

CVE-2016-10253 — Erlang Erlang\/otp: Erlang's generation of compiled regular expressions is vulnerable to a heap overflow.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10253

An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDErlangTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-17
2017-03-17 23:59Z
CRIT

CVE-2017-7174 — Chef_manage_project Chef_manage: The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-7174

The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5. CVSSv3.1 9.8 (CRITICAL)

VNDChef Manage ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-17
2017-03-17 17:59Z
CRIT

CVE-2017-6880 — Cerberus Cerberus_ftp_server: Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6880

Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDBufferVNDCerberusTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-17
2017-03-17 14:59Z
HIGH

CVE-2015-3884 — Qdpm Qdpm: Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-3884

Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. CVSSv3.1 8.8 (HIGH)

CWECWE 434VNDQdpmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score