Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2017-3846 — Cisco Tidal_enterprise_scheduler: A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal
A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal En CVSSv3.1 8.6 (HIGH)
CVE-2017-3831 — Cisco Aironet_access_point_software: A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points
A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A suc CVSSv3.1 9.8 (CRITICAL)
CVE-2017-3819 — Cisco Asr_5000_series_software: A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating
A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SS CVSSv3.1 8.8 (HIGH)
CVE-2016-5239 — Imagemagick Imagemagick: The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)
CVE-2015-8982 — Gnu Glibc: Integer overflow in the strxfrm function in the GNU C Library (aka glibc or
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. CVSSv3.1 8.1 (HIGH)
CVE-2017-5522 — Debian Debian_linux: Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and
Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-7955 — Alienvault Ossim: The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5496 — Sawmill Sawmill: Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of
Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5358 — Easycom-aura Easycom_for_php: Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to
Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-10195 — Libevent_project Libevent: The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-10166 — Libgd Libgd: Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-6366 — Netgear Dgn2200_firmware: Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely. CVSSv3.1 8.8 (HIGH)
CVE-2016-8027 — Mcafee Epolicy_orchestrator: SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. CVSSv3.1 10.0 (CRITICAL)
CVE-2016-8024 — Mcafee Virusscan_enterprise: Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing. CVSSv3.1 8.1 (HIGH)
CVE-2016-8023 — Mcafee Virusscan_enterprise: Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie. CVSSv3.1 8.1 (HIGH)
CVE-2016-8020 — Mcafee Virusscan_enterprise: Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL)
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. CVSSv3.1 8.0 (HIGH)
CVE-2016-8008 — Mcafee Security_scan_plus: Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus
Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system. CVSSv3.1 8.8 (HIGH)
CVE-2015-8989 — Mcafee Vulnerability_manager: Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee
Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database. CVSSv3.1 8.8 (HIGH)
CVE-2015-8988 — Mcafee Epo_deep_command: Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel
Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path. CVSSv3.1 8.8 (HIGH)
CVE-2014-9921 — Mcafee Cloud_analysis_and_deconstructive_services: Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS)
Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-6896 — Digisol Dg-hr1400_router_firmware: Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value. CVSSv3.1 8.8 (HIGH)
CVE-2017-3003 — Adobe Flash_player: Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)
CVE-2017-3002 — Adobe Flash_player: Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)
CVE-2017-3001 — Adobe Flash_player: Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)
CVE-2017-2999 — Adobe Flash_player: Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)