2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2016-4666 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-4666

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-20
2017-02-20 08:59Z
HIGH

CVE-2016-4617 — Apple Mac_os_x: An issue was discovered in certain Apple products.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-4617

An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. CVSSv3.1 8.8 (HIGH)

CWECWE 264VNDAppleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-17
2017-02-17 20:59Z
HIGH

CVE-2017-6065 — Metalgenix Genixcms: SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6065

SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter. CVSSv3.1 8.8 (HIGH)

CWECWE 89VNDMetalgenixTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-17
2017-02-17 17:59Z
CRIT

CVE-2016-6875 — Facebook Hhvm: Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6875

Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. CVSSv3.1 9.8 (CRITICAL)

VNDFacebookVNDInfiniteTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-17
2017-02-17 17:59Z
CRIT

CVE-2016-6874 — Facebook Hhvm: The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6874

The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion. CVSSv3.1 9.8 (CRITICAL)

VNDFacebookTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-17
2017-02-17 17:59Z
CRIT

CVE-2016-6873 — Facebook Hhvm: Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6873

Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. CVSSv3.1 9.8 (CRITICAL)

VNDFacebookTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-17
2017-02-17 17:59Z
CRIT

CVE-2016-6872 — Facebook Hhvm: Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6872

Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDFacebookTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-02-17
2017-02-17 17:59Z
CRIT

CVE-2016-6871 — Facebook Hhvm: Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6871

Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDFacebookTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-17
2017-02-17 17:59Z
CRIT

CVE-2016-6870 — Facebook Hhvm: Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6870

Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787VNDFacebookTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-17
2017-02-17 07:59Z
CRIT

CVE-2017-5344 — Dotcms Dotcms: Overcoming these controls permits a number of blind boolean SQL injection vectors in either

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5344

An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /catego CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDDotcmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-17
2017-02-17 07:59Z
HIGH

CVE-2017-5012 — Google Chrome: A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5012

A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDGoogleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-17
2017-02-17 07:59Z
HIGH

CVE-2017-5009 — Google Chrome: WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5009

WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDGoogleVNDWebrtcTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-17
2017-02-17 02:59Z
CRIT

CVE-2016-9814 — Simplesamlphp Simplesamlphp: The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9814

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. CVSSv3.1 9.1 (CRITICAL)

CWECWE 399VNDSimplesamlphpTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-02-17
2017-02-17 02:59Z
CRIT

CVE-2016-6233 — Fedoraproject Fedora: The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6233

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDFedoraprojectVNDZendTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-17
2017-02-17 02:59Z
CRIT

CVE-2016-4861 — Fedoraproject Fedora: The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-4861

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDFedoraprojectVNDZendTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-17
2017-02-17 02:59Z
HIGH

CVE-2016-4311 — Wso2 Identity_server: Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-4311

Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDCsrfVNDWso2TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-17
2017-02-17 02:59Z
CRIT

CVE-2016-10134 — Zabbix Zabbix: SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10134

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDZabbixTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-15
2017-02-15 23:59Z
HIGH

CVE-2017-0321 — Nvidia Gpu_driver: All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0321

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. CVSSv3.1 8.8 (HIGH)

CWECWE 476VNDNvidiaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 23:59Z
HIGH

CVE-2017-0311 — Nvidia Gpu_driver: GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0311

NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. CVSSv3.1 8.8 (HIGH)

CWECWE 732VNDNvidiaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 23:59Z
HIGH

CVE-2017-0309 — Nvidia Gpu_driver: All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0309

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges. CVSSv3.1 8.8 (HIGH)

CWECWE 190VNDNvidiaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 23:59Z
HIGH

CVE-2017-0308 — Nvidia Gpu_driver: All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0308

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation leading to denial of service or escalation of privileges. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDNvidiaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 21:59Z
HIGH

CVE-2016-8677 — Imagemagick Imagemagick: The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8677

The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. CVSSv3.1 8.8 (HIGH)

VNDImagemagickVNDAcquirequantumpixelsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 20:59Z
HIGH

CVE-2017-3801 — Cisco Unified_computing_system_director: A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3801

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile CVSSv3.1 8.8 (HIGH)

CWECWE 863CWECWE 264VNDCiscoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 19:59Z
HIGH

CVE-2017-5992 — Python Openpyxl: 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5992

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. CVSSv3.1 8.2 (HIGH)

CWECWE 611VNDOpenpyxlTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2017-02-15
2017-02-15 19:59Z
CRIT

CVE-2016-9706 — Ibm Integration_bus: Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9706

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. CVSSv3.1 9.1 (CRITICAL)

CWECWE 611VNDIbmTYPVulnerability
9.1
CVSS v3.1
96
Edit Score