2017-03-15
2017-03-15 20:59Z
HIGH

CVE-2017-3846 — Cisco Tidal_enterprise_scheduler: A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3846

A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal En CVSSv3.1 8.6 (HIGH)

CWECWE 20VNDCiscoTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-03-15
2017-03-15 20:59Z
CRIT

CVE-2017-3831 — Cisco Aironet_access_point_software: A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3831

A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A suc CVSSv3.1 9.8 (CRITICAL)

CWECWE 287CWECWE 264VNDCiscoTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-15
2017-03-15 20:59Z
HIGH

CVE-2017-3819 — Cisco Asr_5000_series_software: A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3819

A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SS CVSSv3.1 8.8 (HIGH)

CWECWE 306CWECWE 264VNDCiscoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-15
2017-03-15 19:59Z
CRIT

CVE-2016-5239 — Imagemagick Imagemagick: The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5239

The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 284VNDImagemagickTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-15
2017-03-15 19:59Z
HIGH

CVE-2015-8982 — Gnu Glibc: Integer overflow in the strxfrm function in the GNU C Library (aka glibc or

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8982

Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. CVSSv3.1 8.1 (HIGH)

CWECWE 190VNDGnuTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-15
2017-03-15 16:59Z
CRIT

CVE-2017-5522 — Debian Debian_linux: Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5522

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDStackVNDOsgeoTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-15
2017-03-15 16:59Z
CRIT

CVE-2016-7955 — Alienvault Ossim: The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7955

The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header. CVSSv3.1 9.8 (CRITICAL)

CWECWE 264VNDAlienvaultTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-03-15
2017-03-15 15:59Z
CRIT

CVE-2017-5496 — Sawmill Sawmill: Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5496

Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash. CVSSv3.1 9.8 (CRITICAL)

CWECWE 200VNDSawmillTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-15
2017-03-15 15:59Z
CRIT

CVE-2017-5358 — Easycom-aura Easycom_for_php: Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5358

Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDStackVNDEasycom AuraTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-15
2017-03-15 15:59Z
CRIT

CVE-2016-10195 — Libevent_project Libevent: The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10195

The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. CVSSv3.1 9.8 (CRITICAL)

CWECWE 125VNDLibevent ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-15
2017-03-15 15:59Z
CRIT

CVE-2016-10166 — Libgd Libgd: Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10166

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. CVSSv3.1 9.8 (CRITICAL)

CWECWE 191VNDLibgdTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-15
2017-03-15 14:59Z
HIGH

CVE-2017-6366 — Netgear Dgn2200_firmware: Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6366

Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDNetgearVNDCsrfTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-14
2017-03-14 22:59Z
CRIT

CVE-2016-8027 — Mcafee Epolicy_orchestrator: SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8027

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. CVSSv3.1 10.0 (CRITICAL)

CWECWE 89VNDMcafeeTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2017-03-14
2017-03-14 22:59Z
HIGH

CVE-2016-8024 — Mcafee Virusscan_enterprise: Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8024

Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing. CVSSv3.1 8.1 (HIGH)

CWECWE 113VNDCrlfVNDMcafeeTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-14
2017-03-14 22:59Z
HIGH

CVE-2016-8023 — Mcafee Virusscan_enterprise: Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8023

Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie. CVSSv3.1 8.1 (HIGH)

CWECWE 287VNDMcafeeTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-14
2017-03-14 22:59Z
HIGH

CVE-2016-8020 — Mcafee Virusscan_enterprise: Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8020

Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. CVSSv3.1 8.0 (HIGH)

CWECWE 94VNDMcafeeTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2017-03-14
2017-03-14 22:59Z
HIGH

CVE-2016-8008 — Mcafee Security_scan_plus: Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8008

Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system. CVSSv3.1 8.8 (HIGH)

CWECWE 264VNDMcafeeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-14
2017-03-14 22:59Z
HIGH

CVE-2015-8989 — Mcafee Vulnerability_manager: Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8989

Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database. CVSSv3.1 8.8 (HIGH)

CWECWE 310VNDMcafeeVNDUnsaltedTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-14
2017-03-14 22:59Z
HIGH

CVE-2015-8988 — Mcafee Epo_deep_command: Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8988

Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path. CVSSv3.1 8.8 (HIGH)

CWECWE 77VNDMcafeeVNDUnquotedTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-14
2017-03-14 22:59Z
CRIT

CVE-2014-9921 — Mcafee Cloud_analysis_and_deconstructive_services: Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-9921

Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error. CVSSv3.1 9.8 (CRITICAL)

CWECWE 264VNDInformationVNDMcafeeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-14
2017-03-14 20:59Z
HIGH

CVE-2017-6896 — Digisol Dg-hr1400_router_firmware: Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6896

Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value. CVSSv3.1 8.8 (HIGH)

CWECWE 565VNDDigisolTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-14
2017-03-14 16:59Z
HIGH

CVE-2017-3003 — Adobe Flash_player: Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3003

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-14
2017-03-14 16:59Z
HIGH

CVE-2017-3002 — Adobe Flash_player: Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3002

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-14
2017-03-14 16:59Z
HIGH

CVE-2017-3001 — Adobe Flash_player: Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3001

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-14
2017-03-14 16:59Z
HIGH

CVE-2017-2999 — Adobe Flash_player: Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2999

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score