2017-02-07
2017-02-07 17:59Z
CRIT

CVE-2016-9639 — Saltstack Salt: before 2015.8.11 allows deleted minions to read or write to minions with the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9639

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. CVSSv3.1 9.1 (CRITICAL)

CWECWE 284VNDSaltstackVNDSaltTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-02-07
2017-02-07 17:59Z
CRIT

CVE-2016-6667 — Netapp Oncommand_unified_manager_for_clustered_data_ontap: OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6667

NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

VNDNetappTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-07
2017-02-07 17:59Z
CRIT

CVE-2016-5711 — Netapp Virtual_storage_console_for_vmware_vsphere: Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5711

NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

VNDNetappTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-07
2017-02-07 17:59Z
HIGH

CVE-2016-3180 — Tor_browser_launcher_project Tor_browser_launcher: Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-3180

Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature. CVSSv3.1 8.1 (HIGH)

CWECWE 254VNDTorVNDTor Browser Launcher ProjectTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-07
2017-02-07 17:59Z
CRIT

CVE-2016-2403 — Sensiolabs Symfony: before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-2403

Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. CVSSv3.1 9.8 (CRITICAL)

CWECWE 287VNDSensiolabsVNDSymfonyTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-07
2017-02-07 17:59Z
HIGH

CVE-2016-1894 — Netapp Oncommand_workflow_automation: OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-1894

NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. CVSSv3.1 8.1 (HIGH)

CWECWE 284VNDNetappTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-07
2017-02-07 17:59Z
HIGH

CVE-2015-8322 — Netapp Data_ontap: OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8322

NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. CVSSv3.1 8.8 (HIGH)

VNDNetappTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-02-07
2017-02-07 17:59Z
HIGH

CVE-2015-7599 — Windriver Vxworks: Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-7599

Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password. CVSSv3.1 8.1 (HIGH)

CWECWE 190VNDWindriverTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-07
2017-02-07 15:59Z
CRIT

CVE-2016-7400 — Exponentcms Exponent_cms: Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7400

Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDExponentcmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-07
2017-02-07 15:59Z
CRIT

CVE-2016-6199 — Gradle Gradle: ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6199

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDGradleVNDObjectsocketwrapperTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-07
2017-02-07 15:59Z
CRIT

CVE-2016-6175 — Php-gettext_project Php-gettext: Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6175

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDPhp Gettext ProjectVNDEvalTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-07
2017-02-07 15:59Z
HIGH

CVE-2016-2539 — Atutor Atutor: Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-2539

Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDCsrfVNDAtutorTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-07
2017-02-07 15:59Z
CRIT

CVE-2015-8608 — Perl Perl: The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8608

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. CVSSv3.1 9.8 (CRITICAL)

CWECWE 125VNDVdirTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-06
2017-02-06 18:59Z
CRIT

CVE-2017-5677 — Pear Html_ajax: 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5677

PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression. CVSSv3.1 9.8 (CRITICAL)

VNDPearTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-06
2017-02-06 17:59Z
HIGH

CVE-2017-5368 — Zoneminder Zoneminder: v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5368

ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user u CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDZoneminderTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-06
2017-02-06 17:59Z
CRIT

CVE-2016-7447 — Graphicsmagick Graphicsmagick: Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7447

Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDHeapVNDGraphicsmagickTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-06
2017-02-06 17:59Z
CRIT

CVE-2016-7446 — Graphicsmagick Graphicsmagick: Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7446

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDBufferVNDGraphicsmagickTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-06
2017-02-06 15:59Z
CRIT

CVE-2017-5879 — Exponentcms Exponent_cms: This is a blind SQL injection that can be exploited by un-authenticated users via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5879

An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDExponentcmsVNDExponentTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-06
2017-02-06 15:59Z
CRIT

CVE-2015-2794 — Dnnsoftware Dotnetnuke: The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-2794

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile

CWECWE 264VNDDnnsoftwareVNDDotnetnukeTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2017-02-06
2017-02-06 06:59Z
HIGH

CVE-2017-2583 — Linux Linux_kernel: The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2583

The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. CVSSv3.1 8.4 (HIGH)

TYPVulnerability
8.4
CVSS v3.1
92
Edit Score
2017-02-06
2017-02-06 06:59Z
CRIT

CVE-2016-10150 — Linux Linux_kernel: Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10150

Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416CWECWE 264TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-05
2017-02-05 18:59Z
CRIT

CVE-2016-10098 — Sendquick Entera_sms_gateway_firmware: Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10098

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands. CVSSv3.1 9.8 (CRITICAL)

CWECWE 77VNDSendquickTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-03
2017-02-03 19:59Z
HIGH

CVE-2016-6500 — Forgerock Racf_connector: Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6500

Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning. CVSSv3.1 8.1 (HIGH)

CWECWE 20VNDUnspecifiedVNDForgerockTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-03
2017-02-03 07:59Z
CRIT

CVE-2017-2768 — Emc Smarts_network_configuration_manager: Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2768

EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to compromise the affected system. CVSSv3.1 9.8 (CRITICAL)

CWECWE 287VNDEmcTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-03
2017-02-03 07:59Z
CRIT

CVE-2017-2767 — Emc Smarts_network_configuration_manager: Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2767

EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. CVSSv3.1 9.8 (CRITICAL)

CWECWE 287VNDEmcTYPVulnerability
9.8
CVSS v3.1
99
Edit Score