2017-01-23
2017-01-23 21:59Z
CRIT

CVE-2015-8857 — Uglifyjs_project Uglifyjs: The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8857

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript. CVSSv3.1 9.8 (CRITICAL)

CWECWE 254VNDUglifyjs ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-23
2017-01-23 21:59Z
CRIT

CVE-2014-8362 — Vivint Sky_control_panel_firmware: Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-8362

Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface. CVSSv3.1 9.8 (CRITICAL)

CWECWE 284VNDVivintTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-23
2017-01-23 17:59Z
HIGH

CVE-2017-5570 — Eclinicalworks Patient_portal: This is a blind SQL injection within the messageJson.jsp, which can only be exploited

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5570

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). CVSSv3.1 8.8 (HIGH)

CWECWE 89VNDEclinicalworksTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-23
2017-01-23 17:59Z
CRIT

CVE-2017-5569 — Eclinicalworks Patient_portal: This is a blind SQL injection within the template.jsp, which can be exploited without

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5569

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDEclinicalworksTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-23
2017-01-23 07:59Z
CRIT

CVE-2017-5575 — Metalgenix Genixcms: SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5575

SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDMetalgenixTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-23
2017-01-23 07:59Z
CRIT

CVE-2017-5574 — Metalgenix Genixcms: SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5574

SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDMetalgenixTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-23
2017-01-23 07:59Z
HIGH

CVE-2017-5563 — Libtiff Libtiff: version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5563

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. CVSSv3.1 8.8 (HIGH)

CWECWE 125VNDLibtiffTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-01-23
2017-01-23 07:59Z
HIGH

CVE-2017-5556 — Foxitsoftware Foxit_reader: The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5556

The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. CVSSv3.1 8.1 (HIGH)

CWECWE 125VNDFoxitsoftwareVNDConverttopdfTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-01-23
2017-01-23 07:59Z
HIGH

CVE-2017-5554 — Oneplus Oxygenos: An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5554

An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive. CVSSv3.1 8.1 (HIGH)

CWECWE 287VNDOneplusVNDAbootTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-01-23
2017-01-23 07:59Z
CRIT

CVE-2017-5539 — B2evolution B2evolution: The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5539

The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists. CVSSv3.1 9.1 (CRITICAL)

CWECWE 22VNDCveVNDB2evolutionTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-01-23
2017-01-23 07:59Z
CRIT

CVE-2016-10157 — Akamai Netsession: 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10157

Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space. CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDAkamaiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-23
2017-01-23 07:59Z
HIGH

CVE-2016-10103 — Hiteksoftware Automize: Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10103

Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14. CVSSv3.1 8.1 (HIGH)

CWECWE 326CWECWE 255VNDInformationVNDHiteksoftwareTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-01-23
2017-01-23 07:59Z
HIGH

CVE-2016-10102 — Hiteksoftware Automize: This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10102

hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and including 10.25 and all 11.x up to and including 11.14 are verified to be affected. CVSSv3.1 8.1 (HIGH)

CWECWE 326VNDHiteksoftwareVNDHitekTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-01-23
2017-01-23 07:59Z
HIGH

CVE-2016-10101 — Hiteksoftware Automize: Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10101

Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager. CVSSv3.1 8.1 (HIGH)

CWECWE 326CWECWE 255VNDInformationVNDHiteksoftwareTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-01-21
2017-01-21 01:59Z
CRIT

CVE-2017-5545 — Libimobiledevice Libplist: The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5545

The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. CVSSv3.1 9.1 (CRITICAL)

CWECWE 125VNDLibimobiledeviceTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-01-20
2017-01-20 08:59Z
CRIT

CVE-2017-5543 — Intelliants Subrion: includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5543

includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDIntelliantsVNDSubrionTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-19
2017-01-19 20:59Z
HIGH

CVE-2016-9016 — Firejail_project Firejail: 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9016

Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. CVSSv3.1 8.8 (HIGH)

CWECWE 284VNDFirejail ProjectVNDFirejailTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-19
2017-01-19 20:59Z
CRIT

CVE-2016-7794 — Sociomantic Git-hub: sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7794

sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name. CVSSv3.1 9.8 (CRITICAL)

CWECWE 284VNDSociomanticTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-19
2017-01-19 20:59Z
HIGH

CVE-2016-7793 — Sociomantic Git-hub: sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7793

sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL. CVSSv3.1 8.8 (HIGH)

CWECWE 284VNDSociomanticTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-19
2017-01-19 20:59Z
HIGH

CVE-2016-7545 — Selinux_project Selinux: policycoreutils allows local users to execute arbitrary commands outside of the sandbox via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7545

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. CVSSv3.1 8.8 (HIGH)

CWECWE 284VNDFedoraprojectVNDSelinux ProjectTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-19
2017-01-19 20:59Z
HIGH

CVE-2016-7543 — Gnu Bash: before 4.4 allows local users to execute arbitrary commands with root privileges via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7543

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. CVSSv3.1 8.4 (HIGH)

CWECWE 20VNDGnuVNDFedoraprojectTYPVulnerability
8.4
CVSS v3.1
92
Edit Score
2017-01-19
2017-01-19 20:59Z
CRIT

CVE-2015-8212 — Netbsd Netbsd: CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8212

CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program. CVSSv3.1 9.8 (CRITICAL)

CWECWE 20VNDCgiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-19
2017-01-19 05:59Z
HIGH

CVE-2016-5213 — Google Chrome: A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5213

A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDGoogleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-19
2017-01-19 05:59Z
HIGH

CVE-2016-5211 — Google Chrome: A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5211

A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDGoogleVNDPdfiumTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-19
2017-01-19 05:59Z
HIGH

CVE-2016-5210 — Google Chrome: Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5210

Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDGoogleVNDHeapTYPVulnerability
8.8
CVSS v3.1
94
Edit Score