CVE List - 2017 / April
Showing 901 - 1000 of 1568 CVEs for April 2017 (Page 10 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-7897 | 2017-04-18 | A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary... |
| CVE-2017-7939 | 2017-04-18 | The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file. |
| CVE-2017-7940 | 2017-04-18 | The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. |
| CVE-2017-7941 | 2017-04-18 | The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. |
| CVE-2017-7942 | 2017-04-18 | The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. |
| CVE-2017-7943 | 2017-04-18 | The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. |
| CVE-2016-10345 | 2017-04-18 | In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. |
| CVE-2017-7946 | 2017-04-18 | The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file. |
| CVE-2014-9907 | 2017-04-19 | coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. |
| CVE-2016-5410 | 2017-04-19 | firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API... |
| CVE-2016-7515 | 2017-04-19 | The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels. |
| CVE-2016-7519 | 2017-04-19 | The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. |
| CVE-2016-7522 | 2017-04-19 | The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. |
| CVE-2016-7528 | 2017-04-19 | The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. |
| CVE-2016-7529 | 2017-04-19 | coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file. |
| CVE-2016-7531 | 2017-04-19 | MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. |
| CVE-2016-7533 | 2017-04-19 | The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. |
| CVE-2016-7537 | 2017-04-19 | MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. |
| CVE-2017-7849 | 2017-04-19 | Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. |
| CVE-2017-7850 | 2017-04-19 | Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. |
| CVE-2017-7948 | 2017-04-19 | Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact... |
| CVE-2017-7960 | 2017-04-19 | The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. |
| CVE-2017-7961 | 2017-04-19 | The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to... |
| CVE-2017-7962 | 2017-04-19 | The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. |
| CVE-2017-7963 | 2017-04-19 | The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings.... |
| CVE-2017-7975 | 2017-04-19 | Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to... |
| CVE-2017-7964 | 2017-04-19 | Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring... |
| CVE-2013-7463 | 2017-04-19 | The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a... |
| CVE-2017-7976 | 2017-04-19 | Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial... |
| CVE-2017-7978 | 2017-04-19 | Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290. |
| CVE-2017-7979 | 2017-04-19 | The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a... |
| CVE-2017-7938 | 2017-04-20 | Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a... |
| CVE-2017-6919 | 2017-04-20 | Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. |
| CVE-2017-7282 | 2017-04-20 | An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to... |
| CVE-2017-7283 | 2017-04-20 | An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in... |
| CVE-2017-7692 | 2017-04-20 | SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to... |
| CVE-2017-7982 | 2017-04-20 | Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted... |
| CVE-2017-5190 | 2017-04-20 | NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage,... |
| CVE-2016-1219 | 2017-04-20 | Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. |
| CVE-2016-4293 | 2017-04-20 | Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document... |
| CVE-2016-4650 | 2017-04-20 | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause... |
| CVE-2016-4847 | 2017-04-20 | Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. |
| CVE-2016-4849 | 2017-04-20 | Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml,... |
| CVE-2016-5409 | 2017-04-20 | Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive... |
| CVE-2016-5760 | 2017-04-20 | Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or... |
| CVE-2016-5761 | 2017-04-20 | Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. |
| CVE-2016-5762 | 2017-04-20 | Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long... |
| CVE-2016-6331 | 2017-04-20 | ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php. |
| CVE-2016-6332 | 2017-04-20 | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a... |
| CVE-2016-6333 | 2017-04-20 | Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script... |
| CVE-2016-6334 | 2017-04-20 | Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2016-6335 | 2017-04-20 | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information... |
| CVE-2016-6336 | 2017-04-20 | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status... |
| CVE-2016-6337 | 2017-04-20 | MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. |
| CVE-2016-6338 | 2017-04-20 | ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related... |
| CVE-2016-6341 | 2017-04-20 | oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine... |
| CVE-2016-6347 | 2017-04-20 | Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-7718 | 2017-04-20 | hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA... |
| CVE-2015-8957 | 2017-04-20 | Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file. |
| CVE-2015-8958 | 2017-04-20 | coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file. |
| CVE-2015-8959 | 2017-04-20 | coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file. |
| CVE-2016-1213 | 2017-04-20 | The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. |
| CVE-2016-1214 | 2017-04-20 | Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1215 | 2017-04-20 | Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1216 | 2017-04-20 | Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1217 | 2017-04-20 | Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1218 | 2017-04-20 | SQL injection vulnerability in Cybozu Garoon before 4.2.2. |
| CVE-2016-1220 | 2017-04-20 | Cybozu Garoon before 4.2.2 does not properly restrict access. |
| CVE-2016-4818 | 2017-04-20 | DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. |
| CVE-2016-4842 | 2017-04-20 | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. |
| CVE-2016-4843 | 2017-04-20 | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. |
| CVE-2016-4844 | 2017-04-20 | Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. |
| CVE-2016-4850 | 2017-04-20 | LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. |
| CVE-2016-4862 | 2017-04-20 | Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. |
| CVE-2016-5010 | 2017-04-20 | coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. |
| CVE-2016-7513 | 2017-04-20 | Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors. |
| CVE-2016-7514 | 2017-04-20 | The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. |
| CVE-2016-7516 | 2017-04-20 | The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. |
| CVE-2016-7517 | 2017-04-20 | The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file. |
| CVE-2016-7518 | 2017-04-20 | The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file. |
| CVE-2016-7520 | 2017-04-20 | Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file. |
| CVE-2016-7521 | 2017-04-20 | Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. |
| CVE-2016-7525 | 2017-04-20 | Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. |
| CVE-2016-7526 | 2017-04-20 | coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. |
| CVE-2016-7527 | 2017-04-20 | coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. |
| CVE-2016-7530 | 2017-04-20 | The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. |
| CVE-2016-7532 | 2017-04-20 | coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. |
| CVE-2016-7534 | 2017-04-20 | The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file. |
| CVE-2016-7535 | 2017-04-20 | coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file. |
| CVE-2016-7536 | 2017-04-20 | magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile. |
| CVE-2016-7538 | 2017-04-20 | coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. |
| CVE-2016-7540 | 2017-04-20 | coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. |
| CVE-2016-8721 | 2017-04-20 | An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an... |
| CVE-2017-2784 | 2017-04-20 | An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially... |
| CVE-2017-2806 | 2017-04-20 | An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to an arbitrary read resulting in memory... |
| CVE-2017-5183 | 2017-04-20 | NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. |
| CVE-2017-5156 | 2017-04-20 | A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will... |
| CVE-2017-5158 | 2017-04-20 | An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary... |
| CVE-2017-5160 | 2017-04-20 | An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's... |
| CVE-2015-8285 | 2017-04-20 | The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service. |