Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2016-4666 — Apple Iphone_os: It allows remote attackers to execute arbitrary code or cause a denial of service
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)
CVE-2016-4617 — Apple Mac_os_x: An issue was discovered in certain Apple products.
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. CVSSv3.1 8.8 (HIGH)
CVE-2017-6065 — Metalgenix Genixcms: SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to
SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter. CVSSv3.1 8.8 (HIGH)
CVE-2016-6875 — Facebook Hhvm: Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified
Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-6874 — Facebook Hhvm: The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact
The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-6873 — Facebook Hhvm: Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified
Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-6872 — Facebook Hhvm: Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified
Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-6871 — Facebook Hhvm: Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-6870 — Facebook Hhvm: Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5344 — Dotcms Dotcms: Overcoming these controls permits a number of blind boolean SQL injection vectors in either
An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /catego CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5012 — Google Chrome: A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux
A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSSv3.1 8.8 (HIGH)
CVE-2017-5009 — Google Chrome: WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87
WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSSv3.1 8.8 (HIGH)
CVE-2016-9814 — Simplesamlphp Simplesamlphp: The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. CVSSv3.1 9.1 (CRITICAL)
CVE-2016-6233 — Fedoraproject Fedora: The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-4861 — Fedoraproject Fedora: The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-4311 — Wso2 Identity_server: Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request. CVSSv3.1 8.8 (HIGH)
CVE-2016-10134 — Zabbix Zabbix: SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-0321 — Nvidia Gpu_driver: All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. CVSSv3.1 8.8 (HIGH)
CVE-2017-0311 — Nvidia Gpu_driver: GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler
NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. CVSSv3.1 8.8 (HIGH)
CVE-2017-0309 — Nvidia Gpu_driver: All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges. CVSSv3.1 8.8 (HIGH)
CVE-2017-0308 — Nvidia Gpu_driver: All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation leading to denial of service or escalation of privileges. CVSSv3.1 8.8 (HIGH)
CVE-2016-8677 — Imagemagick Imagemagick: The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. CVSSv3.1 8.8 (HIGH)
CVE-2017-3801 — Cisco Unified_computing_system_director: A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could
A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile CVSSv3.1 8.8 (HIGH)
CVE-2017-5992 — Python Openpyxl: 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE
Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. CVSSv3.1 8.2 (HIGH)
CVE-2016-9706 — Ibm Integration_bus: Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. CVSSv3.1 9.1 (CRITICAL)