2017-03-02
2017-03-02 06:59Z
HIGH

CVE-2017-6407 — Veritas Netbackup: An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6407

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur. CVSSv3.1 8.8 (HIGH)

VNDVeritasTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-02
2017-03-02 06:59Z
HIGH

CVE-2017-6406 — Veritas Access: An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6406

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur. CVSSv3.1 8.8 (HIGH)

VNDVeritasTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-02
2017-03-02 06:59Z
CRIT

CVE-2017-6403 — Veritas Netbackup: An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6403

An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password. CVSSv3.1 9.8 (CRITICAL)

CWECWE 798VNDVeritasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-02
2017-03-02 06:59Z
HIGH

CVE-2017-6400 — Veritas Access: An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6400

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system). CVSSv3.1 8.8 (HIGH)

VNDVeritasTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-02
2017-03-02 06:59Z
HIGH

CVE-2017-6399 — Veritas Access: An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6399

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur. CVSSv3.1 8.8 (HIGH)

VNDVeritasTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-02
2017-03-02 06:59Z
HIGH

CVE-2017-6062 — Openidc Mod_auth_openidc: The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6062

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. CVSSv3.1 8.6 (HIGH)

CWECWE 287VNDOpenidcVNDConnectTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-03-01
2017-03-01 22:59Z
CRIT

CVE-2016-8233 — Lenovo Xclarity_administrator: Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8233

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. CVSSv3.1 9.8 (CRITICAL)

CWECWE 532VNDLenovoVNDLogTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-03-01
2017-03-01 20:59Z
HIGH

CVE-2016-5374 — Netapp Data_ontap: Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5374

NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry. CVSSv3.1 8.8 (HIGH)

CWECWE 264VNDNetappTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-28
2017-02-28 18:59Z
CRIT

CVE-2017-5885 — Fedoraproject Fedora: Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5885

Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDFedoraprojectVNDGnomeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-28
2017-02-28 18:59Z
CRIT

CVE-2017-5581 — Tigervnc Tigervnc: Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5581

Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDBufferVNDTigervncTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-28
2017-02-28 18:59Z
CRIT

CVE-2016-9558 — Libdwarf_project Libdwarf: (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9558

(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow." CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDLibdwarf ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-27
2017-02-27 11:59Z
HIGH

CVE-2017-2683 — Siemens Ruggedcom_network_management_software: A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2683

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions. CVSSv3.1 8.2 (HIGH)

CWECWE 79VNDSiemensTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2017-02-27
2017-02-27 11:59Z
HIGH

CVE-2017-2682 — Siemens Ruggedcom_network_management_software: The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2682

The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDSiemensTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-27
2017-02-27 07:59Z
CRIT

CVE-2017-6350 — Vim Vim: An integer overflow at an unserialize_uep memory allocation site would occur for vim before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6350

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDVimTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-27
2017-02-27 07:59Z
CRIT

CVE-2017-6349 — Vim Vim: An integer overflow at a u_read_undo memory allocation site would occur for vim before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6349

An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDVimTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-27
2017-02-27 07:59Z
HIGH

CVE-2017-6343 — Dahuasecurity Camera_firmware: The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6343

The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117. CVSSv3.1 8.1 (HIGH)

CWECWE 287VNDDahuasecurityVNDDahuaTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-27
2017-02-27 07:59Z
CRIT

CVE-2017-6342 — Dahuasecurity Camera_firmware: This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6342

An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. This is a different vulnerability than CVE-2013-6117. CVSSv3.1 9.8 (CRITICAL)

CWECWE 269VNDDahuasecurityVNDDahuaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-27
2017-02-27 07:59Z
CRIT

CVE-2017-5946 — Rubyzip_project Rubyzip: The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5946

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem. CVSSv3.1 9.8 (CRITICAL)

CWECWE 22VNDRubyzip ProjectVNDZipTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-24
2017-02-24 22:59Z
HIGH

CVE-2017-2790 — Justsystems Ichitaro: This results in a heap-based buffer overflow and can lead to code execution under

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2790

When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDJustsystemsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-24
2017-02-24 22:59Z
HIGH

CVE-2017-2789 — Justsystems Ichitaro: This value is larger than the buffer size, which leads to a heap-based buffer

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2789

When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writ CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDJustsystemsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-24
2017-02-24 18:59Z
HIGH

CVE-2016-9975 — Ibm Dashboard_application_services_hub: Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9975

IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-23
2017-02-23 16:59Z
HIGH

CVE-2016-8974 — Ibm Rational_rhapsody_design_manager: Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8974

IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798. CVSSv3.1 8.1 (HIGH)

CWECWE 611VNDIbmTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-23
2017-02-23 06:59Z
CRIT

CVE-2017-6205 — Dlink Websmart_dgs-1510_series_firmware: D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware befor

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6205

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

VNDDlinkVNDLinkTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-22
2017-02-22 23:59Z
CRIT

CVE-2017-6187 — Disksavvy Disksavvy_enterprise: Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6187

Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDBufferVNDDisksavvyTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-22
2017-02-22 23:59Z
CRIT

CVE-2016-1245 — Quagga Quagga: It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-1245

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDQuaggaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score