Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2016-8411 — Google Android: Buffer overflow vulnerability while processing QMI QOS TLVs.
Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9054 — Aerospike Database_server: An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_list_by_set_binid resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9052 — Aerospike Database_server: An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9050 — Aerospike Database_server: An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database
An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process, the same vulnerability can also be used to trigger a denial of service. An attacker can simply connect to the port and send the packet to trigger this vulnerability. CVSSv3.1 8.2 (HIGH)
CVE-2016-6912 — Libgd Libgd: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd)
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-3794 — Cisco Webex_meetings_server: A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. CVSSv3.1 8.8 (HIGH)
CVE-2016-9218 — Cisco Hybrid_meeting_server: A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to
A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvc28662. Known Affected Releases: 1.0. CVSSv3.1 8.8 (HIGH)
CVE-2016-9307 — Autodesk Fbx_software_development_kit: Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9306 — Autodesk Fbx_software_development_kit: Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9305 — Autodesk Fbx_software_development_kit: Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9304 — Autodesk Fbx_software_development_kit: Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files. CVSSv3.1 8.8 (HIGH)
CVE-2016-9303 — Autodesk Fbx_software_development_kit: Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-10160 — Php Php: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9383 — Xen Xen: Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions. CVSSv3.1 8.8 (HIGH)
CVE-2016-9081 — Joomla Joomla\!: 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and
Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9012 — Arista Cloudvision_portal: CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the
CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle. CVSSv3.1 8.8 (HIGH)
CVE-2016-7792 — Ubiquiti_networks Unifi_ap_ac_lite_firmware: Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. CVSSv3.1 8.8 (HIGH)
CVE-2016-7567 — Openslp Openslp: Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers
Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-7102 — Owncloud Owncloud_desktop_client: Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain
ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. CVSSv3.1 8.4 (HIGH)
CVE-2016-7036 — Python-jose_project Python-jose: before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-6603 — Zohocorp Webnms_framework: ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-6602 — Zohocorp Webnms_framework: ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-6600 — Zohocorp Webnms_framework: Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-6582 — Doorkeeper_project Doorkeeper: The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification. CVSSv3.1 9.1 (CRITICAL)
CVE-2016-6521 — Gopivotal Grails: Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors. CVSSv3.1 8.8 (HIGH)