2017-01-19
2017-01-19 05:59Z
HIGH

CVE-2016-5209 — Google Chrome: Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5209

Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDGoogleVNDBadTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-19
2017-01-19 05:59Z
HIGH

CVE-2016-5206 — Google Chrome: The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5206

The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. CVSSv3.1 8.8 (HIGH)

CWECWE 284VNDGoogleVNDPdfTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-19
2017-01-19 05:59Z
HIGH

CVE-2016-5203 — Google Chrome: A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5203

A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDGoogleVNDPdfiumTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-19
2017-01-19 05:59Z
HIGH

CVE-2016-5200 — Google Chrome: V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5200

V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDGoogleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-19
2017-01-19 05:59Z
HIGH

CVE-2016-5199 — Google Chrome: An off by one error resulting in an allocation of zero size in FFmpeg

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5199

An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDGoogleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-19
2017-01-19 05:59Z
HIGH

CVE-2016-5197 — Google Chrome: The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5197

The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page. CVSSv3.1 8.8 (HIGH)

CWECWE 20VNDGoogleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-19
2017-01-19 05:59Z
HIGH

CVE-2016-5196 — Google Chrome: The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5196

The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page. CVSSv3.1 8.8 (HIGH)

CWECWE 254VNDGoogleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-01-18
2017-01-18 22:59Z
CRIT

CVE-2016-9679 — Citrix Provisioning_services: Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9679

Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDCitrixTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-18
2017-01-18 22:59Z
CRIT

CVE-2016-9678 — Citrix Provisioning_services: Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9678

Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDCitrixTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-18
2017-01-18 22:59Z
CRIT

CVE-2016-9676 — Citrix Provisioning_services: Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9676

Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDCitrixVNDBufferTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-18
2017-01-18 22:59Z
CRIT

CVE-2016-3415 — Synacor Zimbra_collaboration_suite: Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-3415

Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. CVSSv3.1 9.1 (CRITICAL)

CWECWE 502VNDZimbraVNDSynacorTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-01-18
2017-01-18 22:59Z
HIGH

CVE-2016-3406 — Synacor Zimbra_collaboration_suite: Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-3406

Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDSynacorVNDCsrfTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-18
2017-01-18 22:59Z
HIGH

CVE-2016-10086 — Ca Service_desk_management: RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10086

RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. CVSSv3.1 8.1 (HIGH)

CWECWE 264VNDCaVNDRestfulTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-01-18
2017-01-18 17:59Z
CRIT

CVE-2016-9584 — Libical_project Libical: allows remote attackers to cause a denial of service (use-after-free) and possibly read

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9584

libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. CVSSv3.1 9.1 (CRITICAL)

CWECWE 416VNDLibical ProjectTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-01-18
2017-01-18 17:59Z
HIGH

CVE-2016-7998 — Spip Spip: The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. CVSSv3.1 8.8 (HIGH)

CWECWE 20VNDSpipTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-18
2017-01-18 17:59Z
CRIT

CVE-2016-7996 — Graphicsmagick Graphicsmagick: Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7996

Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDHeapVNDGraphicsmagickTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-18
2017-01-18 17:59Z
HIGH

CVE-2016-7980 — Spip Spip: Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7980

Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDSpipVNDCsrfTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-18
2017-01-18 17:59Z
HIGH

CVE-2016-7144 — Unrealircd Unrealircd: The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7144

The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. CVSSv3.1 8.1 (HIGH)

CWECWE 287VNDUnrealircdTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-01-17
2017-01-17 09:59Z
HIGH

CVE-2017-5520 — Metalgenix Genixcms: The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5520

The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. CVSSv3.1 8.8 (HIGH)

CWECWE 434VNDMetalgenixVNDGenixcmsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-17
2017-01-17 09:59Z
CRIT

CVE-2017-5519 — Metalgenix Genixcms: SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5519

SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDMetalgenixTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-17
2017-01-17 09:59Z
CRIT

CVE-2017-5517 — Metalgenix Genixcms: SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5517

SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDMetalgenixTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-16
2017-01-16 06:59Z
HIGH

CVE-2016-7904 — Cmsmadesimple Cms_made_simple: Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7904

Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request. CVSSv3.1 8.0 (HIGH)

CWECWE 352VNDCsrfVNDCmsmadesimpleTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2017-01-15
2017-01-15 22:59Z
HIGH

CVE-2017-5480 — B2evolution B2evolution: Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5480

Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter. CVSSv3.1 8.1 (HIGH)

CWECWE 22VNDB2evolutionTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-01-15
2017-01-15 02:59Z
HIGH

CVE-2017-5492 — Wordpress Wordpress: Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5492

Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDWordpressVNDCsrfTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-15
2017-01-15 02:59Z
HIGH

CVE-2017-5489 — Wordpress Wordpress: Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5489

Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDWordpressVNDCsrfTYPVulnerability
8.8
CVSS v3.1
94
Edit Score