
Security Vulnerabilities Published In April 2017

Columns: #, CVE ID, CWE ID, Vulnerability type(s), Publish date, Update date, CVSS score; then Gained access level, Access vector, Access complexity, Authentication, Confidentiality / Integrity / Availability impact; then the description. A "-" marks a field left blank on the page; the "# of Exploits" column is blank for every entry on this page.

1451  CVE-2015-8275  CWE-284  Type: -  Published: 2017-04-10  Updated: 2017-04-13  Score: 4.3
      Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: Partial | Avail: None
      LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files.

1452  CVE-2015-8272  CWE-476  Type: DoS  Published: 2017-04-13  Updated: 2017-11-04  Score: 4.3
      Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: None | Avail: Partial
      RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).

1453  CVE-2015-8271  CWE-123  Type: Exec Code  Published: 2017-04-13  Updated: 2017-11-04  Score: 7.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.

1454  CVE-2015-8270  CWE-476  Type: DoS  Published: 2017-04-13  Updated: 2017-11-04  Score: 5.0
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: None | Avail: Partial
      The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).

1455  CVE-2015-8258  CWE-74  Type: -  Published: 2017-04-10  Updated: 2017-04-13  Score: 7.8
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: Complete | Avail: None
      AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."

1456  CVE-2015-8256  CWE-79  Type: XSS  Published: 2017-04-17  Updated: 2017-04-25  Score: 4.3
      Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: Partial | Avail: None
      Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.

1457  CVE-2015-8255  CWE-352  Type: CSRF  Published: 2017-04-10  Updated: 2017-04-13  Score: 6.8
      Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.

1458  CVE-2015-8223  CWE-275  Type: DoS  Published: 2017-04-13  Updated: 2017-04-25  Score: 4.9
      Gained access: None | Access: Local | Complexity: Low | Auth: Not required | Conf: None | Integ: None | Avail: Complete
      Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver.

1459  CVE-2015-8110  CWE-264  Type: +Priv  Published: 2017-04-24  Updated: 2017-04-28  Score: 7.2
      Gained access: None | Access: Local | Complexity: Low | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
      Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."

1460  CVE-2015-8109  CWE-255  Type: +Priv  Published: 2017-04-24  Updated: 2017-04-29  Score: 6.9
      Gained access: None | Access: Local | Complexity: Medium | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
      Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by predicting the tvsu_tmp_xxxxxXXXXX account credentials, which requires knowledge of the time at which this account was created, aka a "temporary administrator account vulnerability."

1461  CVE-2015-8107  CWE-134  Type: Exec Code  Published: 2017-04-13  Updated: 2017-04-19  Score: 6.8
      Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.

1462  CVE-2015-7893  CWE-20  Type: -  Published: 2017-04-11  Updated: 2017-04-17  Score: 6.8
      Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, which allows remote attackers to execute arbitrary JavaScript.

1463  CVE-2015-7847  CWE-20  Type: DoS  Published: 2017-04-02  Updated: 2017-04-11  Score: 4.9
      Gained access: None | Access: Local | Complexity: Low | Auth: Not required | Conf: None | Integ: None | Avail: Complete
      Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a denial of service.

1464  CVE-2015-7844  CWE-20  Type: -  Published: 2017-04-02  Updated: 2017-04-05  Score: 7.8
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: None | Avail: Complete
      Huawei FusionAccess with software V100R005C10 or V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet that causes the virtual cloud desktop to display an error and become unusable.

1465  CVE-2015-7826  CWE-295  Type: -  Published: 2017-04-10  Updated: 2017-04-15  Score: 7.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.

1466  CVE-2015-7825  CWE: -  Type: DoS  Published: 2017-04-10  Updated: 2017-04-15  Score: 7.8
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: None | Avail: Complete
      botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.

1467  CVE-2015-7824  CWE-200  Type: +Info  Published: 2017-04-10  Updated: 2017-04-15  Score: 5.0
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: None | Avail: None
      botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.

1468  CVE-2015-7740  CWE-20  Type: DoS  Published: 2017-04-13  Updated: 2017-04-25  Score: 4.9
      Gained access: None | Access: Local | Complexity: Low | Auth: Not required | Conf: None | Integ: None | Avail: Complete
      Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver.

1469  CVE-2015-7570  CWE-918  Type: -  Published: 2017-04-24  Updated: 2018-10-09  Score: 6.4
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: None
      Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php.

1470  CVE-2015-7569  CWE-89  Type: Exec Code Sql  Published: 2017-04-24  Updated: 2019-03-11  Score: 7.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.

1471  CVE-2015-7568  CWE-89  Type: Sql  Published: 2017-04-24  Updated: 2019-03-12  Score: 7.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.

1472  CVE-2015-7565  CWE-79  Type: XSS  Published: 2017-04-13  Updated: 2018-08-13  Score: 4.3
      Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: Partial | Avail: None
      Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.

1473  CVE-2015-7564  CWE-89  Type: Exec Code Sql  Published: 2017-04-12  Updated: 2017-04-20  Score: 7.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.

1474  CVE-2015-7563  CWE-352  Type: CSRF  Published: 2017-04-12  Updated: 2020-06-16  Score: 6.8
      Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.

1475  CVE-2015-7562  CWE-79  Type: XSS  Published: 2017-04-12  Updated: 2017-04-20  Score: 4.3
      Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: Partial | Avail: None
      Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.

1476  CVE-2015-7292  CWE-119  Type: DoS Overflow  Published: 2017-04-10  Updated: 2017-04-15  Score: 10.0
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
      Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.

1477  CVE-2015-7275  CWE-79  Type: XSS  Published: 2017-04-10  Updated: 2017-04-14  Score: 4.3
      Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: Partial | Avail: None
      Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.

1478  CVE-2015-7274  CWE-264  Type: Exec Code  Published: 2017-04-10  Updated: 2017-04-14  Score: 6.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Partial | Integ: Partial | Avail: Partial
      Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.

1479  CVE-2015-7273  CWE-611  Type: -  Published: 2017-04-10  Updated: 2017-04-14  Score: 7.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.

1480  CVE-2015-7272  CWE-119  Type: DoS Overflow  Published: 2017-04-10  Updated: 2017-04-14  Score: 7.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input.

1481  CVE-2015-7271  CWE-134  Type: -  Published: 2017-04-10  Updated: 2017-04-14  Score: 7.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.

1482  CVE-2015-7270  CWE-22  Type: Dir. Trav.  Published: 2017-04-10  Updated: 2017-04-14  Score: 4.6
      Gained access: None | Access: Local | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

1483  CVE-2015-7265  CWE-284  Type: Bypass  Published: 2017-04-10  Updated: 2018-08-13  Score: 5.0
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: Partial | Avail: None
      Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.

1484  CVE-2015-7264  CWE-74  Type: -  Published: 2017-04-10  Updated: 2018-08-13  Score: 7.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.

1485  CVE-2015-7263  CWE-284  Type: Bypass  Published: 2017-04-10  Updated: 2018-08-13  Score: 5.0
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: Partial | Avail: None
      The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.

1486  CVE-2015-7260  CWE-264  Type: +Priv  Published: 2017-04-10  Updated: 2021-08-31  Score: 7.2
      Gained access: None | Access: Local | Complexity: Low | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
      Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.

1487  CVE-2015-7247  CWE-200  Type: +Info  Published: 2017-04-24  Updated: 2017-04-28  Score: 7.8
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Complete | Integ: None | Avail: None
      D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.

1488  CVE-2015-7246  CWE-798  Type: -  Published: 2017-04-24  Updated: 2017-04-28  Score: 10.0
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
      D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.

1489  CVE-2015-7245  CWE-22  Type: Dir. Trav.  Published: 2017-04-24  Updated: 2017-04-28  Score: 5.0
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: None | Avail: None
      Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.

1490  CVE-2015-6674  CWE-119  Type: Overflow  Published: 2017-04-13  Updated: 2020-09-14  Score: 7.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
      Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.

1491  CVE-2015-6568  CWE-20  Type: Exec Code  Published: 2017-04-14  Updated: 2017-09-17  Score: 6.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Partial | Integ: Partial | Avail: Partial
      Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP code execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.

1492  CVE-2015-6567  CWE-20  Type: Exec Code  Published: 2017-04-14  Updated: 2017-09-17  Score: 6.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Partial | Integ: Partial | Avail: Partial
      Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP code execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality.

1493  CVE-2015-6035  CWE-79  Type: XSS  Published: 2017-04-10  Updated: 2017-04-13  Score: 4.3
      Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: Partial | Avail: None
      Opsview before 2015-11-06 has XSS via SNMP.

1494  CVE-2015-6028  CWE-89  Type: Sql  Published: 2017-04-10  Updated: 2021-09-13  Score: 6.5
      Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Partial | Integ: Partial | Avail: Partial
      Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.

1495  CVE-2015-6027  CWE-79  Type: XSS  Published: 2017-04-10  Updated: 2021-09-13  Score: 4.3
      Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: Partial | Avail: None
      Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP.

1496  CVE-2015-6021  CWE-79  Type: XSS  Published: 2017-04-10  Updated: 2017-04-14  Score: 4.3
      Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: Partial | Avail: None
      Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response.

1497  CVE-2015-4680  CWE-295  Type: -  Published: 2017-04-05  Updated: 2018-10-09  Score: 5.0
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: Partial | Avail: None
      FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

1498  CVE-2015-4673  CWE-79  Type: XSS  Published: 2017-04-06  Updated: 2017-04-12  Score: 3.5
      Gained access: None | Access: Remote | Complexity: Medium | Auth: ??? | Conf: None | Integ: Partial | Avail: None
      Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php.

1499  CVE-2015-4646  CWE-20  Type: DoS  Published: 2017-04-13  Updated: 2019-10-24  Score: 5.0
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: None | Avail: Partial
      (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.

1500  CVE-2015-2947  CWE-441  Type: -  Published: 2017-04-13  Updated: 2017-04-25  Score: 6.4
      Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: Partial | Avail: Partial
      KanColleViewer versions 3.8.1 and earlier operate as an open proxy, which allows remote attackers to trigger outbound network traffic.
Total number of vulnerabilities: 1574 (this listing is page 31 of 32).