2017-03-17
2017-03-17 14:59Z
CRIT

CVE-2014-9852 — Imagemagick Imagemagick: distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-9852

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 913VNDImagemagickTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-17
2017-03-17 14:59Z
CRIT

CVE-2014-8708 — Pluck-cms Pluck: CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-8708

Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature. CVSSv3.1 9.8 (CRITICAL)

CWECWE 264VNDPluck CmsVNDPluckTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-17
2017-03-17 14:59Z
CRIT

CVE-2014-8705 — Wondercms Wondercms: PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-8705

PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 20VNDWondercmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-17
2017-03-17 14:59Z
CRIT

CVE-2014-8704 — Wondercms Wondercms: Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-8704

Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme. CVSSv3.1 9.8 (CRITICAL)

CWECWE 22VNDWondercmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-17
2017-03-17 09:59Z
CRIT

CVE-2017-6969 — Gnu Binutils: readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6969

readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. CVSSv3.1 9.1 (CRITICAL)

CWECWE 125VNDGnuTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-03-17
2017-03-17 00:59Z
HIGH

CVE-2017-0104 — Microsoft Windows_server_2008: The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0104

The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability." CVSSv3.1 8.1 (HIGH)

CWECWE 190VNDMicrosoftTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-17
2017-03-17 00:59Z
HIGH

CVE-2017-0090 — Microsoft Windows_7: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0090

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0089. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDMicrosoftVNDUniscribeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-03-17
2017-03-17 00:59Z
HIGH

CVE-2017-0089 — Microsoft Windows_7: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0089

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDMicrosoftVNDUniscribeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-17
2017-03-17 00:59Z
HIGH

CVE-2017-0088 — Microsoft Windows_7: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0088

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDMicrosoftVNDUniscribeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-17
2017-03-17 00:59Z
HIGH

CVE-2017-0087 — Microsoft Windows_7: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0087

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDMicrosoftVNDUniscribeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-17
2017-03-17 00:59Z
HIGH

CVE-2017-0086 — Microsoft Windows_7: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0086

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDMicrosoftVNDUniscribeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-17
2017-03-17 00:59Z
HIGH

CVE-2017-0084 — Microsoft Windows_10: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0084

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CV CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDMicrosoftVNDUniscribeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-17
2017-03-17 00:59Z
HIGH

CVE-2017-0083 — Microsoft Windows_7: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0083

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDMicrosoftVNDUniscribeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-17
2017-03-17 00:59Z
HIGH

CVE-2017-0072 — Microsoft Windows_7: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0072

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDMicrosoftVNDUniscribeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-17
2017-03-17 00:59Z
CRIT

CVE-2017-0021 — Microsoft Windows_10: Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0021

Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095. CVSSv3.1 9.0 (CRITICAL)

VNDMicrosoftVNDHyperTYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2017-03-16
2017-03-16 21:59Z
HIGH

CVE-2017-6952 — Capstone-engine Capstone: Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c in Capstone 3.0.4 and earlier allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6952

Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c in Capstone 3.0.4 and earlier allows attackers to cause a denial of service (heap-based buffer overflow in a kernel driver) or possibly have unspecified other impact via a large value. CVSSv3.1 8.8 (HIGH)

CWECWE 190VNDCapstone EngineTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-16
2017-03-16 17:59Z
HIGH

CVE-2017-6949 — Call-cc Chicken: With an unexpected size, the impact may have been a segfault or buffer overflow.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6949

An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow. CVSSv3.1 8.1 (HIGH)

CWECWE 119VNDCall CcVNDChickenTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-16
2017-03-16 15:59Z
CRIT

CVE-2015-8981 — Podofo_project Podofo: Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8981

Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDHeapVNDPodofo ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-16
2017-03-16 14:59Z
HIGH

CVE-2017-6381 — Drupal Drupal: A 3rd party development library including with Drupal 8 development dependencies is vulnerable to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6381

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the <siteroot>/vendor/phpunit directory from your production deployment CVSSv3.1 8.1 (HIGH)

CWECWE 829VNDDrupalTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-16
2017-03-16 04:59Z
CRIT

CVE-2017-6023 — Fatek Ethernet_module_configuration_tool_cbe_firmware: A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6023

An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device. CVSSv3.1 9.8 (CRITICAL)

CWECWE 121CWECWE 119VNDFatekTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-15
2017-03-15 20:59Z
HIGH

CVE-2017-3854 — Cisco Wireless_lan_controller_firmware: A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3854

A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could exploit this vulnerability by forcing the target system to disconnect from the correct parent access point and reconnect to a rogue access point owned by the attacker. An exploit cou CVSSv3.1 8.8 (HIGH)

CWECWE 287VNDCiscoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-15
2017-03-15 20:59Z
HIGH

CVE-2017-3846 — Cisco Tidal_enterprise_scheduler: A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3846

A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal En CVSSv3.1 8.6 (HIGH)

CWECWE 20VNDCiscoTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-03-15
2017-03-15 20:59Z
CRIT

CVE-2017-3831 — Cisco Aironet_access_point_software: A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3831

A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A suc CVSSv3.1 9.8 (CRITICAL)

CWECWE 287CWECWE 264VNDCiscoTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-15
2017-03-15 20:59Z
HIGH

CVE-2017-3819 — Cisco Asr_5000_series_software: A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3819

A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SS CVSSv3.1 8.8 (HIGH)

CWECWE 306CWECWE 264VNDCiscoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-15
2017-03-15 19:59Z
CRIT

CVE-2016-5239 — Imagemagick Imagemagick: The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5239

The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 284VNDImagemagickTYPVulnerability
9.8
CVSS v3.1
99
Edit Score