2017-02-24
2017-02-24 22:59Z
HIGH

CVE-2017-2790 — Justsystems Ichitaro: This results in a heap-based buffer overflow and can lead to code execution under

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2790

When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDJustsystemsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-24
2017-02-24 22:59Z
HIGH

CVE-2017-2789 — Justsystems Ichitaro: This value is larger than the buffer size, which leads to a heap-based buffer

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2789

When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writ CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDJustsystemsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-24
2017-02-24 18:59Z
HIGH

CVE-2016-9975 — Ibm Dashboard_application_services_hub: Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9975

IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-23
2017-02-23 16:59Z
HIGH

CVE-2016-8974 — Ibm Rational_rhapsody_design_manager: Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8974

IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798. CVSSv3.1 8.1 (HIGH)

CWECWE 611VNDIbmTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-23
2017-02-23 06:59Z
CRIT

CVE-2017-6205 — Dlink Websmart_dgs-1510_series_firmware: D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware befor

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6205

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

VNDDlinkVNDLinkTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-22
2017-02-22 23:59Z
CRIT

CVE-2017-6187 — Disksavvy Disksavvy_enterprise: Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6187

Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDBufferVNDDisksavvyTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-22
2017-02-22 23:59Z
CRIT

CVE-2016-1245 — Quagga Quagga: It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-1245

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDQuaggaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-02-22
2017-02-22 16:59Z
CRIT

CVE-2017-5586 — Opentext Documentum_d2: Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5586

OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries. CVSSv3.1 9.8 (CRITICAL)

CWECWE 20VNDOpentextTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-22
2017-02-22 16:59Z
HIGH

CVE-2017-5585 — Opentext Documentum_content_server: Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5585

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520. CVSSv3.1 8.8 (HIGH)

CWECWE 74VNDOpentextTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-22
2017-02-22 16:59Z
CRIT

CVE-2016-9400 — Teeworlds Teeworlds: The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9400

The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDFedoraprojectVNDTeeworldsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-22
2017-02-22 05:59Z
CRIT

CVE-2016-9684 — Dell Sonicwall_secure_remote_access_server: The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9684

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitatio CVSSv3.1 9.8 (CRITICAL)

CWECWE 77VNDDellVNDSonicwallTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-22
2017-02-22 05:59Z
CRIT

CVE-2016-9683 — Dell Sonicwall_secure_remote_access_server: The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9683

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filen CVSSv3.1 9.8 (CRITICAL)

CWECWE 77VNDDellVNDSonicwallTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-22
2017-02-22 05:59Z
CRIT

CVE-2016-9682 — Dell Sonicwall_secure_remote_access_server: The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9682

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call to system() CVSSv3.1 9.8 (CRITICAL)

CWECWE 77VNDDellVNDSonicwallTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-22
2017-02-22 02:59Z
HIGH

CVE-2017-3837 — Cisco Meeting_server: An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3837

An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The attacker would need to be authenticated and have a valid se CVSSv3.1 8.1 (HIGH)

CWECWE 20VNDCiscoVNDHttpTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-22
2017-02-22 02:59Z
HIGH

CVE-2017-3835 — Cisco Identity_services_engine_software: A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3835

A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908). CVSSv3.1 8.8 (HIGH)

CWECWE 89VNDCiscoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-22
2017-02-22 02:59Z
CRIT

CVE-2017-2684 — Siemens Simatic_logon: SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2684

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. CVSSv3.1 9.0 (CRITICAL)

CWECWE 592VNDSiemensTYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2017-02-21
2017-02-21 22:59Z
CRIT

CVE-2016-9053 — Aerospike Database_server: An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9053

An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. CVSSv3.1 9.8 (CRITICAL)

CWECWE 129VNDAerospikeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-21
2017-02-21 22:59Z
CRIT

CVE-2016-9051 — Aerospike Database_server: An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9051

An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attacker can simply connect to the port to trigger this vulnerability. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787VNDAerospikeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-21
2017-02-21 20:59Z
HIGH

CVE-2017-6127 — Digisol Dg-hr1400_firmware: Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6127

Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDCsrfVNDDigisolTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-21
2017-02-21 07:59Z
CRIT

CVE-2017-6095 — Mail-masta_project Mail-masta: A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6095

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDMail Masta ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-21
2017-02-21 07:59Z
CRIT

CVE-2017-6070 — Cmsmadesimple Form_builder: CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6070

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form. CVSSv3.1 9.8 (CRITICAL)

CWECWE 200VNDCmsVNDCmsmadesimpleTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-21
2017-02-21 07:59Z
CRIT

CVE-2017-5959 — Metalgenix Genixcms: CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5959

CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token. CVSSv3.1 9.8 (CRITICAL)

CWECWE 352VNDCsrfVNDMetalgenixTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-21
2017-02-21 07:59Z
HIGH

CVE-2016-9315 — Trendmicro Interscan_web_security_virtual_appliance: Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9315

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737. CVSSv3.1 8.8 (HIGH)

CWECWE 264VNDTrendmicroTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-21
2017-02-21 07:59Z
CRIT

CVE-2016-9269 — Trendmicro Interscan_web_security_virtual_appliance: Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9269

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737. CVSSv3.1 9.9 (CRITICAL)

CWECWE 264VNDCommandVNDTrendmicroTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2017-2373 — Apple Tvos: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2373

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleVNDWebkitgtkTYPVulnerability
8.8
CVSS v3.1
94
Edit Score