2017-03-14
2017-03-14 16:59Z
HIGH

CVE-2017-2999 — Adobe Flash_player: Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2999

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-14
2017-03-14 16:59Z
HIGH

CVE-2017-2998 — Adobe Flash_player: Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2998

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-14
2017-03-14 16:59Z
HIGH

CVE-2017-2997 — Adobe Flash_player: Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2997

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-14
2017-03-14 14:59Z
CRIT

CVE-2017-5668 — Bitlbee Bitlbee: bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5668

bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189. CVSSv3.1 9.8 (CRITICAL)

CWECWE 476VNDBitlbeeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-14
2017-03-14 14:59Z
CRIT

CVE-2016-10188 — Bitlbee Bitlbee: Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10188

Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDBitlbeeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-14
2017-03-14 09:59Z
HIGH

CVE-2017-6398 — Trendmicro Interscan_messaging_security_virtual_appliance: An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6398

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitizatio CVSSv3.1 8.8 (HIGH)

CWECWE 78VNDTrendmicroVNDTrendTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-14
2017-03-14 09:59Z
CRIT

CVE-2013-4659 — Asus Rt-ac66u_firmware: Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2013-4659

Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDAsusVNDTrendnetTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-03-13
2017-03-13 06:59Z
HIGH

CVE-2017-6180 — Keekoonvision Kk002_ip_camera_firmware: Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6180

Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages). CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDKeekoonvisionVNDKeekoonTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-13
2017-03-13 06:59Z
HIGH

CVE-2017-6081 — Zammad Zammad: A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6081

A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDCsrfVNDZammadTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-13
2017-03-13 06:59Z
CRIT

CVE-2017-6080 — Zammad Zammad: An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6080

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result. CVSSv3.1 9.8 (CRITICAL)

CWECWE 352VNDZammadTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-13
2017-03-13 06:59Z
CRIT

CVE-2017-5929 — Qos Logback: QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDQosTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-13
2017-03-13 06:59Z
HIGH

CVE-2017-5675 — Embedthis Goahead: A command-injection vulnerability exists in a web application on a custom-built GoAhead web server

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5675

A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges. CVSSv3.1 8.8 (HIGH)

CWECWE 77VNDEmbedthisTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-13
2017-03-13 06:59Z
CRIT

CVE-2017-5674 — Embedthis Goahead: A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5674

A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will disclose the configuration file with the login password. CVSSv3.1 9.8 (CRITICAL)

CWECWE 200VNDEmbedthisTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-13
2017-03-13 06:59Z
CRIT

CVE-2017-5619 — Zammad Zammad: An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5619

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string. CVSSv3.1 9.8 (CRITICAL)

CWECWE 287VNDZammadTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-12
2017-03-12 05:59Z
HIGH

CVE-2017-6823 — Fiyo Fiyo_cms: CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6823

Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. CVSSv3.1 8.8 (HIGH)

CWECWE 294VNDFiyoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-12
2017-03-12 05:59Z
CRIT

CVE-2017-5626 — Oneplus Oxygenos: before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5626

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code execution with high privileges (kernel/root) with complete access to user data. CVSSv3.1 9.8 (CRITICAL)

VNDOneplusVNDOxygenosTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-12
2017-03-12 05:59Z
CRIT

CVE-2017-5624 — Oneplus Oxygenos: Having dm-verity disabled, the kernel will not verify the system partition (and any other

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5624

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disable_dm_verity' command. Having dm-verity disabled, the kernel will not verify the system partition (and any other dm-verity protected partition), which may allow for persistent code execution and privilege escalation. CVSSv3.1 9.8 (CRITICAL)

CWECWE 269VNDOneplusVNDOxygenosTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-11
2017-03-11 06:59Z
CRIT

CVE-2017-6513 — Softaculous Whmcs_reseller_module: The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6513

The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL. CVSSv3.1 9.9 (CRITICAL)

CWECWE 275VNDSoftaculousVNDWhmcsTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2017-03-11
2017-03-11 06:59Z
HIGH

CVE-2017-6466 — F-secure Software_updater: Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6466

F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be executed under the SYSTEM account. Note that when Software Updater is configured to install updates automatically, it checks if the downloaded file is digitally signed by default, but does not check the CVSSv3.1 8.1 (HIGH)

CWECWE 20VNDSecureVNDF SecureTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-11
2017-03-11 06:59Z
HIGH

CVE-2010-4314 — Novell Iprint: Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2010-4314

Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDNovellTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-10
2017-03-10 10:59Z
CRIT

CVE-2017-6506 — Azure_dex Data_expert_ultimate: In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6506

In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDAzureVNDAzure DexTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-10
2017-03-10 10:59Z
CRIT

CVE-2017-5859 — Cambiumnetworks Cnpilot_r200_series_firmware: On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vulnerability involving the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5859

On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vulnerability involving the certificate of the device and its RSA keys, aka RBN-183. CVSSv3.1 9.8 (CRITICAL)

VNDCambiumnetworksVNDCambiumTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-10
2017-03-10 10:59Z
CRIT

CVE-2017-2788 — Pharos Popup: A specially crafted packet can be sent to the victim's computer and can lead

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2788

A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit. CVSSv3.1 10.0 (CRITICAL)

CWECWE 119VNDPharosTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2017-03-10
2017-03-10 10:59Z
CRIT

CVE-2017-2787 — Pharos Popup: A specially crafted packet can be sent to the victim's computer and can lead

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2787

A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit. CVSSv3.1 9.0 (CRITICAL)

CWECWE 119VNDPharosTYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2017-03-10
2017-03-10 10:59Z
CRIT

CVE-2017-2785 — Pharos Popup: An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2785

An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit. CVSSv3.1 10.0 (CRITICAL)

CWECWE 119VNDPharosTYPVulnerability
10.0
CVSS v3.1
100
Edit Score