Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2017-6970 — Alienvault Ossim: USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. CVSSv3.1 8.4 (HIGH)
CVE-2017-5874 — D-link Dir-600m_firmware: CSRF exists on D-Link DIR-600M Rev.
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. CVSSv3.1 8.8 (HIGH)
CVE-2017-7214 — Openstack Nova: An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-4504 — Meteocontrol Weblog: A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. CVSSv3.1 8.8 (HIGH)
CVE-2014-9939 — Gnu Binutils: ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-4929 — Juniper Junos_space: Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. CVSSv3.1 8.8 (HIGH)
CVE-2016-4928 — Juniper Junos_space: Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to
Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. CVSSv3.1 8.8 (HIGH)
CVE-2016-4927 — Juniper Junos_space: Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type
Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. CVSSv3.1 8.1 (HIGH)
CVE-2016-4926 — Juniper Junos_space: Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-6803 — Solarwinds Ftp_voyager: Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml. CVSSv3.1 8.8 (HIGH)
CVE-2017-6550 — Kinsey Infor-lawson: Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-1151 — Ibm Websphere_application_server: WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293. CVSSv3.1 8.1 (HIGH)
CVE-2017-1145 — Ibm Websphere_mq: WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no
IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672. CVSSv3.1 8.6 (HIGH)
CVE-2015-8983 — Gnu Glibc: Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. CVSSv3.1 8.1 (HIGH)
CVE-2015-8954 — Openinfosecfoundation Suricata: The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request. CVSSv3.1 9.8 (CRITICAL)
CVE-2014-9847 — Opensuse_project Studio_onsite: The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. CVSSv3.1 9.8 (CRITICAL)
CVE-2014-9846 — Suse Studio_onsite: Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. CVSSv3.1 9.8 (CRITICAL)
CVE-2014-9843 — Opensuse Opensuse: The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. CVSSv3.1 9.8 (CRITICAL)
CVE-2014-9841 — Opensuse Opensuse: The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions." CVSSv3.1 9.8 (CRITICAL)
CVE-2014-9938 — Git-scm Git: contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. CVSSv3.1 8.8 (HIGH)
CVE-2017-7178 — Deluge-torrent Deluge: CSRF was discovered in the web UI in Deluge before 1.3.14.
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin. CVSSv3.1 8.8 (HIGH)
CVE-2016-10253 — Erlang Erlang\/otp: Erlang's generation of compiled regular expressions is vulnerable to a heap overflow.
An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-7174 — Chef_manage_project Chef_manage: The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to
The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-6880 — Cerberus Cerberus_ftp_server: Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command. CVSSv3.1 9.8 (CRITICAL)
CVE-2015-3884 — Qdpm Qdpm: Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. CVSSv3.1 8.8 (HIGH)