Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2017-2984 — Adobe Flash_player: Successful exploitation could lead to arbitrary code execution.
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)
CVE-2017-2982 — Adobe Flash_player: Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)
CVE-2017-2973 — Adobe Digital_editions: Successful exploitation could lead to arbitrary code execution.
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-2968 — Adobe Campaign: versions 16.4 Build 8724 and earlier have a code injection vulnerability.
Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. CVSSv3.1 9.1 (CRITICAL)
CVE-2017-5149 — Abbott Merlin\@home_firmware: This may allow a man-in-the-middle attacker to access or influence communications between the identified
An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints. CVSSv3.1 8.9 (HIGH)
CVE-2016-8358 — Smiths-medical Cadd-solis_medication_safety_software: The affected software does not verify the identities at communication endpoints, which may allow
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints. CVSSv3.1 8.5 (HIGH)
CVE-2016-8355 — Smiths-medical Cadd-solis_medication_safety_software: CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates. CVSSv3.1 9.9 (CRITICAL)
CVE-2017-5167 — Binom3 Universal_multifunctional_electric_power_quality_meter_firmware: An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter.
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords. CVSSv3.1 8.6 (HIGH)
CVE-2017-5166 — Binom3 Universal_multifunctional_electric_power_quality_meter_firmware: An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter.
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5162 — Binom3 Universal_multifunctional_electric_power_quality_meter_firmware: An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter.
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5159 — Phoenixcontact Mguard_firmware: An issue was discovered on Phoenix Contact mGuard devices that have been updated to
An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5154 — Advantech Webaccess: To be able to exploit the SQL injection vulnerability, an attacker must supply malformed
An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5152 — Advantech Webaccess: By accessing a specific uniform resource locator (URL) on the web server, a malicious
An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS). CVSSv3.1 9.1 (CRITICAL)
CVE-2017-5145 — Carlosgavazzi Vmu-c_em_firmware: Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. CVSSv3.1 10.0 (CRITICAL)
CVE-2017-5144 — Carlosgavazzi Vmu-c_em_firmware: The access control flaw allows access to most application functions without authentication.
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5143 — Honeywell Xl_web_ii_controller: A user without authenticating can make a directory traversal attack by accessing a specific
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL. CVSSv3.1 8.6 (HIGH)
CVE-2017-5142 — Honeywell Xl_web_ii_controller: An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management. CVSSv3.1 9.1 (CRITICAL)
CVE-2017-5140 — Honeywell Xl_web_ii_controller: An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5139 — Honeywell Xl_web_ii_controller: An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9369 — Moxa Nport_5100_series_firmware: Firmware can be updated over the network without authentication, which may allow remote code
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPor CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9366 — Moxa Nport_5100_series_firmware: An attacker can freely use brute force to determine parameters needed to bypass authentication.
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPor CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9365 — Moxa Nport_5100_series_firmware: Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPor CVSSv3.1 8.8 (HIGH)
CVE-2016-9362 — Wago Pfc200_firmware: An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO
An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. CVSSv3.1 9.1 (CRITICAL)
CVE-2016-9361 — Moxa Nport_5100_series_firmware: An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPor CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9343 — Rockwellautomation Softlogix_5800_controller_firmware: By sending malformed common industrial protocol (CIP) packet, an attacker may be able to
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service. CVSSv3.1 10.0 (CRITICAL)