2017-02-22
2017-02-22 02:59Z
CRIT

CVE-2017-2684 — Siemens Simatic_logon: SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2684

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. CVSSv3.1 9.0 (CRITICAL)

CWECWE 592VNDSiemensTYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2017-02-21
2017-02-21 22:59Z
CRIT

CVE-2016-9053 — Aerospike Database_server: An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9053

An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. CVSSv3.1 9.8 (CRITICAL)

CWECWE 129VNDAerospikeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-21
2017-02-21 22:59Z
CRIT

CVE-2016-9051 — Aerospike Database_server: An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9051

An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attacker can simply connect to the port to trigger this vulnerability. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787VNDAerospikeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-21
2017-02-21 20:59Z
HIGH

CVE-2017-6127 — Digisol Dg-hr1400_firmware: Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6127

Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDCsrfVNDDigisolTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-21
2017-02-21 07:59Z
CRIT

CVE-2017-6095 — Mail-masta_project Mail-masta: A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6095

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDMail Masta ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-21
2017-02-21 07:59Z
CRIT

CVE-2017-6070 — Cmsmadesimple Form_builder: CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6070

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form. CVSSv3.1 9.8 (CRITICAL)

CWECWE 200VNDCmsVNDCmsmadesimpleTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-21
2017-02-21 07:59Z
CRIT

CVE-2017-5959 — Metalgenix Genixcms: CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5959

CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token. CVSSv3.1 9.8 (CRITICAL)

CWECWE 352VNDCsrfVNDMetalgenixTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-02-21
2017-02-21 07:59Z
HIGH

CVE-2016-9315 — Trendmicro Interscan_web_security_virtual_appliance: Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9315

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737. CVSSv3.1 8.8 (HIGH)

CWECWE 264VNDTrendmicroTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-21
2017-02-21 07:59Z
CRIT

CVE-2016-9269 — Trendmicro Interscan_web_security_virtual_appliance: Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9269

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737. CVSSv3.1 9.9 (CRITICAL)

CWECWE 264VNDCommandVNDTrendmicroTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2017-2373 — Apple Tvos: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2373

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleVNDWebkitgtkTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2017-2372 — Apple Logic_pro_x: The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2372

An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2017-2369 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2369

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleVNDWebkitgtkTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2017-2366 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2366

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2017-2362 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2362

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2017-2356 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2356

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2017-2355 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2355

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2017-2354 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2354

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
CRIT

CVE-2016-7663 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7663

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDAppleTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2016-7659 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7659

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2016-7658 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7658

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2016-7656 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7656

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2016-7654 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7654

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2016-7652 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7652

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2016-7649 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7649

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2016-7648 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7648

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score