| aerospike -- database_server |
An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability. |
2017-02-21 |
5.0 |
CVE-2016-9049 MISC
|
| apple -- apple_tv |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. |
2017-02-20 |
4.3 |
CVE-2017-2350 BID CONFIRM CONFIRM CONFIRM
|
| apple -- apple_tv |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2017-2362 BID CONFIRM CONFIRM CONFIRM
|
| apple -- apple_tv |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. |
2017-02-20 |
4.3 |
CVE-2017-2365 BID CONFIRM CONFIRM CONFIRM
|
| apple -- apple_tv |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2017-2369 BID CONFIRM CONFIRM CONFIRM
|
| apple -- apple_tv |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2017-2373 BID CONFIRM CONFIRM CONFIRM
|
| apple -- garageband |
An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file. |
2017-02-20 |
6.8 |
CVE-2017-2374 CONFIRM
|
| apple -- icloud |
An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory. |
2017-02-20 |
4.6 |
CVE-2016-7583 BID CONFIRM
|
| apple -- iphone_os |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app. |
2017-02-20 |
4.3 |
CVE-2016-4664 BID CONFIRM CONFIRM CONFIRM
|
| apple -- iphone_os |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app. |
2017-02-20 |
4.3 |
CVE-2016-4665 BID CONFIRM CONFIRM CONFIRM
|
| apple -- iphone_os |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. |
2017-02-20 |
4.3 |
CVE-2016-4680 BID CONFIRM CONFIRM CONFIRM
|
| apple -- iphone_os |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files. |
2017-02-20 |
4.3 |
CVE-2016-4685 BID CONFIRM
|
| apple -- iphone_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate. |
2017-02-20 |
5.0 |
CVE-2016-4689 BID CONFIRM
|
| apple -- iphone_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Image Capture" component, which allows attackers to execute arbitrary code via a crafted USB HID device. |
2017-02-20 |
4.6 |
CVE-2016-4690 BID CONFIRM
|
| apple -- iphone_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors. |
2017-02-20 |
4.6 |
CVE-2016-4781 BID CONFIRM
|
| apple -- iphone_os |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted URL. |
2017-02-20 |
4.3 |
CVE-2016-7581 BID CONFIRM
|
| apple -- iphone_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible. |
2017-02-20 |
4.6 |
CVE-2016-7601 BID CONFIRM
|
| apple -- iphone_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Graphics Driver" component, which allows remote attackers to cause a denial of service via a crafted video. |
2017-02-20 |
4.3 |
CVE-2016-7665 BID CONFIRM
|
| apple -- iphone_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari. |
2017-02-20 |
4.3 |
CVE-2016-7762 CONFIRM
|
| apple -- iphone_os |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "Contacts" component. It allows remote attackers to cause a denial of service (application crash) via a crafted contact card. |
2017-02-20 |
4.3 |
CVE-2017-2368 BID CONFIRM
|
| apple -- iphone_os |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site. |
2017-02-20 |
4.3 |
CVE-2017-2371 BID CONFIRM
|
| apple -- itunes |
An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. |
2017-02-20 |
4.3 |
CVE-2016-4613 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- itunes |
An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-4764 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- itunes |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7578 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- itunes |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2017-2354 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- itunes |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2017-2355 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- itunes |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2017-2356 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- itunes |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2017-2366 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- logic_pro_x |
An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file. |
2017-02-20 |
6.8 |
CVE-2017-2372 BID CONFIRM CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. |
2017-02-20 |
4.6 |
CVE-2016-4617 CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font. |
2017-02-20 |
5.8 |
CVE-2016-4660 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ntfs" component, which misparses disk images and allows attackers to cause a denial of service via a crafted app. |
2017-02-20 |
4.3 |
CVE-2016-4661 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app. |
2017-02-20 |
4.3 |
CVE-2016-4663 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. |
2017-02-20 |
6.8 |
CVE-2016-4667 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. |
2017-02-20 |
6.8 |
CVE-2016-4673 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. |
2017-02-20 |
4.6 |
CVE-2016-4674 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleSMC" component. It allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. |
2017-02-20 |
4.6 |
CVE-2016-4678 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink. |
2017-02-20 |
4.3 |
CVE-2016-4679 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Core Image" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. |
2017-02-20 |
6.8 |
CVE-2016-4681 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file. |
2017-02-20 |
5.8 |
CVE-2016-4682 BID CONFIRM CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted SGI file. |
2017-02-20 |
6.8 |
CVE-2016-4683 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted font. |
2017-02-20 |
6.8 |
CVE-2016-4688 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification. |
2017-02-20 |
4.3 |
CVE-2016-4721 BID CONFIRM CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended. |
2017-02-20 |
4.3 |
CVE-2016-7577 BID CONFIRM CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information. |
2017-02-20 |
4.3 |
CVE-2016-7579 BID CONFIRM CONFIRM CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL. |
2017-02-20 |
4.3 |
CVE-2016-7580 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using a matching team ID. |
2017-02-20 |
6.8 |
CVE-2016-7584 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreStorage" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. |
2017-02-20 |
4.9 |
CVE-2016-7603 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreCapture" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. |
2017-02-20 |
4.9 |
CVE-2016-7604 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. |
2017-02-20 |
4.3 |
CVE-2016-7605 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. |
2017-02-20 |
4.9 |
CVE-2016-7609 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file. |
2017-02-20 |
6.8 |
CVE-2016-7618 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Grapher" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file. |
2017-02-20 |
6.8 |
CVE-2016-7622 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors. |
2017-02-20 |
6.8 |
CVE-2016-7655 BID CONFIRM CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string. |
2017-02-20 |
5.0 |
CVE-2016-7667 CONFIRM CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "xar" component, which allows remote attackers to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations. |
2017-02-20 |
6.8 |
CVE-2016-7742 CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app. |
2017-02-20 |
4.3 |
CVE-2017-2357 BID CONFIRM
|
| apple -- mac_os_x |
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site. |
2017-02-20 |
4.3 |
CVE-2017-2361 BID MISC CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-4666 BID CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-4677 BID CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-4692 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
5.8 |
CVE-2016-4743 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. |
2017-02-20 |
4.3 |
CVE-2016-7586 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7587 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site. |
2017-02-20 |
4.3 |
CVE-2016-7592 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. |
2017-02-20 |
4.3 |
CVE-2016-7598 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects. |
2017-02-20 |
4.3 |
CVE-2016-7599 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7610 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7611 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a blob URL on a web site. |
2017-02-20 |
4.3 |
CVE-2016-7623 BID CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7632 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7635 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7639 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7640 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7641 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7642 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7645 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7646 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7648 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7649 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7652 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7654 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7656 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the "Safari" component, which allows remote attackers to spoof the address bar via a crafted web site. |
2017-02-20 |
4.3 |
CVE-2017-2359 BID CONFIRM
|
| apple -- safari |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. |
2017-02-20 |
4.3 |
CVE-2017-2364 BID CONFIRM CONFIRM
|
| apple -- transporter |
An issue was discovered in certain Apple products. Transporter before 1.9.2 is affected. The issue involves the "iTMSTransporter" component, which allows attackers to obtain sensitive information via a crafted EPUB. |
2017-02-20 |
4.3 |
CVE-2016-7666 BID CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. |
2017-02-20 |
6.8 |
CVE-2016-4691 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher. |
2017-02-20 |
5.0 |
CVE-2016-4693 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreMedia Playback" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted MP4 file. |
2017-02-20 |
6.8 |
CVE-2016-7588 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7589 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ICU" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
2017-02-20 |
6.8 |
CVE-2016-7594 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. |
2017-02-20 |
6.8 |
CVE-2016-7595 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows attackers to obtain sensitive information from kernel memory via a crafted app. |
2017-02-20 |
4.3 |
CVE-2016-7607 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows local users to cause a denial of service via unspecified vectors. |
2017-02-20 |
4.9 |
CVE-2016-7615 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted certificate profile. |
2017-02-20 |
6.8 |
CVE-2016-7626 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted font. |
2017-02-20 |
4.3 |
CVE-2016-7627 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs. |
2017-02-20 |
4.3 |
CVE-2016-7636 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted web site. |
2017-02-20 |
5.8 |
CVE-2016-7643 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall. |
2017-02-20 |
4.6 |
CVE-2016-7651 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. |
2017-02-20 |
4.3 |
CVE-2016-7657 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. |
2017-02-20 |
6.8 |
CVE-2016-7658 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. |
2017-02-20 |
6.8 |
CVE-2016-7659 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors. |
2017-02-20 |
5.0 |
CVE-2016-7662 BID CONFIRM CONFIRM CONFIRM
|
| apple -- watch_os |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. |
2017-02-20 |
4.3 |
CVE-2017-2363 BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| cisco -- identity_services_engine_software |
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908). |
2017-02-21 |
6.5 |
CVE-2017-3835 CONFIRM
|
| cisco -- intrusion_prevention_system_device_manager |
A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh91455. Known Affected Releases: 7.2(1)V7. |
2017-02-21 |
5.0 |
CVE-2017-3842 CONFIRM
|
| cisco -- meeting_server |
A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2. |
2017-02-21 |
5.0 |
CVE-2017-3830 CONFIRM
|
| cisco -- meeting_server |
An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The attacker would need to be authenticated and have a valid session with the Web Bridge. Affected Products: This vulnerability affects Cisco Meeting Server software releases prior to 2.1.2. This product was previously known as Acano Conferencing Server. More Information: CSCvc89551. Known Affected Releases: 2.0 2.0.7 2.1. Known Fixed Releases: 2.1.2. |
2017-02-21 |
5.5 |
CVE-2017-3837 CONFIRM
|
| cisco -- prime_collaboration_assurance |
A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0). |
2017-02-21 |
4.0 |
CVE-2017-3843 CONFIRM
|
| cisco -- prime_collaboration_assurance |
A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc86238. Known Affected Releases: 11.5(0). |
2017-02-21 |
4.0 |
CVE-2017-3844 CONFIRM
|
| cisco -- prime_collaboration_assurance |
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc77783. Known Affected Releases: 11.5(0). |
2017-02-21 |
4.3 |
CVE-2017-3845 CONFIRM
|
| cisco -- secure_access_control_system |
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5). |
2017-02-21 |
4.3 |
CVE-2017-3838 CONFIRM
|
| cisco -- secure_access_control_system |
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5). |
2017-02-21 |
4.0 |
CVE-2017-3839 CONFIRM
|
| cisco -- secure_access_control_system |
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.8(2.5). |
2017-02-21 |
5.8 |
CVE-2017-3840 CONFIRM
|
| cisco -- secure_access_control_system |
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5). |
2017-02-21 |
5.0 |
CVE-2017-3841 CONFIRM
|
| cisco -- unified_communications_manager |
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609). |
2017-02-21 |
4.3 |
CVE-2017-3821 CONFIRM
|
| cisco -- unified_communications_manager |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). |
2017-02-21 |
4.3 |
CVE-2017-3828 CONFIRM
|
| cisco -- unified_communications_manager |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6). |
2017-02-21 |
4.3 |
CVE-2017-3829 CONFIRM
|
| cisco -- unified_communications_manager |
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). |
2017-02-21 |
4.3 |
CVE-2017-3833 CONFIRM
|
| cisco -- unified_communications_manager |
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). |
2017-02-21 |
4.0 |
CVE-2017-3836 CONFIRM
|
| cmsmadesimple -- form_builder |
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml. |
2017-02-21 |
5.0 |
CVE-2017-6071 MISC MISC
|
| cmsmadesimple -- form_builder |
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin. |
2017-02-21 |
5.0 |
CVE-2017-6072 MISC MISC
|
| digisol -- dg-hr1400_firmware |
Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi. |
2017-02-21 |
6.8 |
CVE-2017-6127 FULLDISC MISC
|
| dlink -- websmart_dgs-1510_series_firmware |
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors. |
2017-02-23 |
5.0 |
CVE-2017-6206 CONFIRM
|
| faststone -- maxview |
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section. |
2017-02-21 |
4.3 |
CVE-2017-6078 MISC
|
| fedoraproject -- fedora |
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. |
2017-02-22 |
5.0 |
CVE-2016-9956 DEBIAN MLIST MLIST MLIST BID FEDORA FEDORA CONFIRM CONFIRM
|
| gomlab -- gom_player |
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file. |
2017-02-21 |
6.8 |
CVE-2017-5881 EXPLOIT-DB
|
| google -- chrome |
Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page. |
2017-02-17 |
4.3 |
CVE-2017-5017 BID CONFIRM CONFIRM
|
| google -- chrome |
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. |
2017-02-17 |
4.3 |
CVE-2017-5018 BID CONFIRM CONFIRM
|
| google -- chrome |
A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
2017-02-17 |
4.3 |
CVE-2017-5021 BID CONFIRM CONFIRM
|
| google -- chrome |
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
2017-02-17 |
4.3 |
CVE-2017-5024 BID CONFIRM CONFIRM
|
| html5lib -- html5lib |
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values. |
2017-02-22 |
4.3 |
CVE-2016-9909 MLIST MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| html5lib -- html5lib |
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909. |
2017-02-22 |
4.3 |
CVE-2016-9910 MLIST MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM
|
| ibm -- inotes |
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010. |
2017-02-23 |
4.3 |
CVE-2016-5883 CONFIRM
|
| ibm -- websphere_mq |
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661. |
2017-02-22 |
4.0 |
CVE-2016-3013 CONFIRM
|
| ibm -- websphere_mq |
IBM WebSphere MQ 8.0, under nonstandard configurations, sends password data in cleartext over the network, where it could be intercepted using man-in-the-middle techniques. IBM Reference #: 1998660. |
2017-02-22 |
4.3 |
CVE-2016-3052 CONFIRM
|
| ibm -- websphere_mq |
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649. |
2017-02-22 |
4.0 |
CVE-2016-8915 CONFIRM
|
| ibm -- websphere_mq |
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648. |
2017-02-22 |
4.0 |
CVE-2016-8986 CONFIRM
|
| inverse-inc -- sogo |
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields. |
2017-02-17 |
4.3 |
CVE-2014-9905 MLIST CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
|
| inverse-inc -- sogo |
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. |
2017-02-17 |
4.0 |
CVE-2016-6189 MLIST CONFIRM CONFIRM CONFIRM
|
| inverse-inc -- sogo |
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users. |
2017-02-17 |
4.0 |
CVE-2016-6190 MLIST CONFIRM CONFIRM CONFIRM
|
| inverse-inc -- sogo |
Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field. |
2017-02-17 |
4.3 |
CVE-2016-6191 MLIST CONFIRM CONFIRM
|
| libdwarf_project -- libdwarf |
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections. |
2017-02-17 |
4.3 |
CVE-2016-5028 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file. |
2017-02-17 |
4.3 |
CVE-2016-5029 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
2017-02-17 |
4.3 |
CVE-2016-5030 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. |
2017-02-17 |
4.3 |
CVE-2016-5031 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file. |
2017-02-17 |
4.3 |
CVE-2016-5032 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. |
2017-02-17 |
4.3 |
CVE-2016-5033 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records. |
2017-02-17 |
4.3 |
CVE-2016-5034 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. |
2017-02-17 |
4.3 |
CVE-2016-5035 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data. |
2017-02-17 |
5.0 |
CVE-2016-5036 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
2017-02-17 |
4.3 |
CVE-2016-5037 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str. |
2017-02-17 |
5.0 |
CVE-2016-5038 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on. |
2017-02-17 |
5.0 |
CVE-2016-5039 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header. |
2017-02-17 |
4.3 |
CVE-2016-5040 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section. |
2017-02-17 |
5.0 |
CVE-2016-5042 MLIST MLIST CONFIRM CONFIRM
|
| libdwarf_project -- libdwarf |
The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section. |
2017-02-17 |
5.0 |
CVE-2016-5043 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section. |
2017-02-17 |
5.0 |
CVE-2016-5044 MLIST MLIST CONFIRM
|
| libdwarf_project -- libdwarf |
The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input. |
2017-02-17 |
4.3 |
CVE-2016-7510 MISC CONFIRM
|
| libdwarf_project -- libdwarf |
Integer overflow in dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file. |
2017-02-17 |
4.3 |
CVE-2016-7511 CONFIRM CONFIRM
|
| linux -- linux_kernel |
The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. |
2017-02-24 |
4.6 |
CVE-2017-5669 MISC CONFIRM
|
| linux -- linux_kernel |
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. |
2017-02-23 |
5.0 |
CVE-2017-6214 CONFIRM CONFIRM CONFIRM
|
| mail-masta -- mail-masta_plugin |
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to WordPress admin) with the GET Parameter: filter_list. |
2017-02-21 |
6.5 |
CVE-2017-6096 MISC
|
| mail-masta -- mail-masta_plugin |
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to WordPress admin) with the POST Parameter: camp_id. |
2017-02-21 |
6.5 |
CVE-2017-6097 MISC
|
| mail-masta -- mail-masta_plugin |
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to WordPress admin) with the POST Parameter: list_id. |
2017-02-21 |
6.5 |
CVE-2017-6098 MISC
|
| mantisbt -- mantisbt |
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. |
2017-02-17 |
4.3 |
CVE-2016-5364 MLIST CONFIRM CONFIRM CONFIRM
|
| metalgenix -- genixcms |
SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter. |
2017-02-17 |
6.5 |
CVE-2017-6065 MISC
|
| shadow_project -- shadow |
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. |
2017-02-17 |
4.6 |
CVE-2016-6252 MLIST MLIST MLIST MLIST BID CONFIRM CONFIRM
|
| tcpdf_project -- tcpdf |
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. |
2017-02-23 |
5.0 |
CVE-2017-6100 MLIST CONFIRM CONFIRM
|
| tnef_project -- tnef |
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker. |
2017-02-23 |
6.8 |
CVE-2017-6307 MISC MISC MISC
|
| tnef_project -- tnef |
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation. |
2017-02-23 |
6.8 |
CVE-2017-6308 MISC MISC MISC
|
| tnef_project -- tnef |
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker. |
2017-02-23 |
6.8 |
CVE-2017-6309 MISC MISC MISC
|
| tnef_project -- tnef |
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker. |
2017-02-23 |
6.8 |
CVE-2017-6310 MISC MISC MISC
|
| trendmicro -- interscan_web_security_virtual_appliance |
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to back up the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737. |
2017-02-21 |
4.0 |
CVE-2016-9314 CONFIRM
|
| trendmicro -- interscan_web_security_virtual_appliance |
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737. |
2017-02-21 |
4.0 |
CVE-2016-9315 CONFIRM
|
| ytnef_project -- ytnef |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked." |
2017-02-23 |
6.8 |
CVE-2017-6298 MISC MISC MISC
|
| ytnef_project -- ytnef |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c." |
2017-02-23 |
4.3 |
CVE-2017-6299 MISC MISC MISC
|
| ytnef_project -- ytnef |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h." |
2017-02-23 |
6.8 |
CVE-2017-6300 MISC MISC MISC
|
| ytnef_project -- ytnef |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads." |
2017-02-23 |
6.8 |
CVE-2017-6301 MISC MISC MISC
|
| ytnef_project -- ytnef |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow." |
2017-02-23 |
6.8 |
CVE-2017-6302 MISC MISC MISC
|
| ytnef_project -- ytnef |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow." |
2017-02-23 |
6.8 |
CVE-2017-6303 MISC MISC MISC
|
| ytnef_project -- ytnef |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read." |
2017-02-23 |
6.8 |
CVE-2017-6304 MISC MISC MISC
|
| ytnef_project -- ytnef |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write." |
2017-02-23 |
6.8 |
CVE-2017-6305 MISC MISC MISC
|
| ytnef_project -- ytnef |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c." |
2017-02-23 |
6.8 |
CVE-2017-6306 MISC MISC MISC
|