CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In April 2017

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-7920 264 +Priv 2017-04-13 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.
2 CVE-2014-7921 264 +Priv 2017-04-13 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.
3 CVE-2015-2881 798 2017-04-10 2017-04-13
10.0
None Remote Low Not required Complete Complete Complete
Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.
4 CVE-2015-2882 798 2017-04-10 2017-04-14
10.0
None Remote Low Not required Complete Complete Complete
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.
5 CVE-2015-2885 798 2017-04-10 2017-04-13
10.0
None Remote Low Not required Complete Complete Complete
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.
6 CVE-2015-2887 798 2017-04-10 2017-04-13
10.0
None Remote Low Not required Complete Complete Complete
iBaby M3S has a password of admin for the backdoor admin account.
7 CVE-2015-7246 798 2017-04-24 2017-04-28
10.0
None Remote Low Not required Complete Complete Complete
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
8 CVE-2015-7292 119 DoS Overflow 2017-04-10 2017-04-15
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.
9 CVE-2016-1555 77 Exec Code 2017-04-21 2019-04-16
10.0
None Remote Low Not required Complete Complete Complete
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
10 CVE-2016-1558 119 Overflow 2017-04-21 2017-04-27
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie.
11 CVE-2016-1560 798 2017-04-21 2017-04-27
10.0
None Remote Low Not required Complete Complete Complete
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session.
12 CVE-2016-3109 20 Exec Code 2017-04-21 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.
13 CVE-2016-4898 20 Exec Code 2017-04-13 2017-04-19
10.0
None Remote Low Not required Complete Complete Complete
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
14 CVE-2016-4899 20 Exec Code 2017-04-13 2017-04-19
10.0
None Remote Low Not required Complete Complete Complete
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
15 CVE-2016-5066 255 2017-04-10 2017-04-14
10.0
None Remote Low Not required Complete Complete Complete
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
16 CVE-2016-5071 264 2017-04-10 2017-04-14
10.0
None Remote Low Not required Complete Complete Complete
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
17 CVE-2016-6726 2017-04-17 2017-04-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices.
18 CVE-2016-6727 264 Exec Code 2017-04-17 2017-04-24
10.0
None Remote Low Not required Complete Complete Complete
The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code.
19 CVE-2016-6818 89 DoS Sql +Info 2017-04-13 2018-12-10
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633.
20 CVE-2016-7552 22 Dir. Trav. Bypass 2017-04-12 2017-04-17
10.0
None Remote Low Not required Complete Complete Complete
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
21 CVE-2016-10229 358 Exec Code 2017-04-04 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
22 CVE-2016-10312 77 Exec Code 2017-04-03 2017-04-10
10.0
None Remote Low Not required Complete Complete Complete
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages.
23 CVE-2017-0561 787 Exec Code 2017-04-07 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.
24 CVE-2017-2096 78 Exec Code 2017-04-28 2020-09-09
10.0
None Remote Low Not required Complete Complete Complete
smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
25 CVE-2017-2142 119 Exec Code Overflow 2017-04-28 2017-05-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
26 CVE-2017-2320 200 DoS +Info 2017-04-24 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.
27 CVE-2017-2434 20 2017-04-02 2017-07-12
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center.
28 CVE-2017-3037 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.
29 CVE-2017-3059 416 Exec Code 2017-04-12 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution.
30 CVE-2017-3060 125 Exec Code Mem. Corr. 2017-04-12 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.
31 CVE-2017-3061 119 Exec Code Overflow Mem. Corr. 2017-04-12 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.
32 CVE-2017-3062 416 Exec Code 2017-04-12 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution.
33 CVE-2017-3063 416 Exec Code 2017-04-12 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution.
34 CVE-2017-3066 502 Exec Code 2017-04-27 2020-05-15
10.0
None Remote Low Not required Complete Complete Complete
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution.
35 CVE-2017-3623 2017-04-24 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3623 is assigned for "Ebbisland". Solaris 10 systems which have had any Kernel patch installed after, or updated via patching tools since 2012-01-26 are not impacted. Also, any Solaris 10 system installed with Solaris 10 1/13 (Solaris 10 Update 11) are not vulnerable. Solaris 11 is not impacted by this issue. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
36 CVE-2017-3834 1188 2017-04-06 2021-04-22
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691.
37 CVE-2017-6553 119 Overflow Mem. Corr. 2017-04-29 2017-08-13
10.0
None Remote Low Not required Complete Complete Complete
Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon.
38 CVE-2017-7279 565 2017-04-12 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.
39 CVE-2017-7450 287 2017-04-05 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time.
40 CVE-2017-7588 287 2017-04-12 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W.
41 CVE-2017-7689 77 2017-04-11 2017-04-18
10.0
None Remote Low Not required Complete Complete Complete
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.
42 CVE-2017-7722 77 2017-04-12 2017-04-21
10.0
None Remote Low Not required Complete Complete Complete
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.
43 CVE-2017-7895 119 Overflow 2017-04-28 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
44 CVE-2017-7964 1188 2017-04-19 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.
45 CVE-2017-8051 78 2017-04-21 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
46 CVE-2017-8218 1188 2017-04-25 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.
47 CVE-2017-8224 798 2017-04-25 2017-05-05
10.0
None Remote Low Not required Complete Complete Complete
Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.
48 CVE-2010-1816 119 DoS Exec Code Overflow 2017-04-13 2017-04-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image.
49 CVE-2014-9922 264 +Priv 2017-04-04 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
50 CVE-2016-4650 119 DoS Exec Code Overflow Mem. Corr. 2017-04-20 2019-03-25
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Total number of vulnerabilities: 1574. Page 1 of 32.