CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In April 2017

Columns per record: # | CVE ID | CWE ID | vulnerability type(s) | publish date | update date | CVSS score | gained access level | access | access complexity | authentication | confidentiality/integrity/availability impact. The description follows on the next line. "-" marks an empty cell; the "# of Exploits" column is empty for every entry on this page, and "???" is the value shown on the page for authentication where it was not recorded.

1401 | CVE-2016-1221 | CWE-295 | +Info | published 2017-04-21 | updated 2017-04-28 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: Partial/None/None
Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

1402 | CVE-2016-1220 | CWE-284 | - | published 2017-04-20 | updated 2017-04-25 | CVSS 4.0 | gained access: None | Remote | Low | auth: ??? | C/I/A: Partial/None/None
Cybozu Garoon before 4.2.2 does not properly restrict access.

1403 | CVE-2016-1219 | CWE-287 | Bypass | published 2017-04-20 | updated 2017-04-25 | CVSS 7.5 | gained access: None | Remote | Low | auth: Not required | C/I/A: Partial/Partial/Partial
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.

1404 | CVE-2016-1218 | CWE-89 | Sql | published 2017-04-20 | updated 2017-04-25 | CVSS 6.5 | gained access: None | Remote | Low | auth: ??? | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in Cybozu Garoon before 4.2.2.

1405 | CVE-2016-1217 | CWE-79 | XSS | published 2017-04-20 | updated 2017-04-25 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: None/Partial/None
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.

1406 | CVE-2016-1216 | CWE-79 | XSS | published 2017-04-20 | updated 2017-04-25 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: None/Partial/None
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.

1407 | CVE-2016-1215 | CWE-79 | XSS | published 2017-04-20 | updated 2017-04-25 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: None/Partial/None
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.

1408 | CVE-2016-1214 | CWE-79 | XSS | published 2017-04-20 | updated 2017-04-25 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: None/Partial/None
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.

1409 | CVE-2016-1213 | CWE-601 | - | published 2017-04-20 | updated 2017-04-25 | CVSS 5.8 | gained access: None | Remote | Medium | auth: Not required | C/I/A: Partial/Partial/None
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.

1410 | CVE-2016-1210 | CWE-295 | +Info | published 2017-04-21 | updated 2017-04-29 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: Partial/None/None
The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

1411 | CVE-2016-1198 | CWE-295 | - | published 2017-04-21 | updated 2017-04-26 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: Partial/None/None
Photopt for Android before 2.0.1 does not verify SSL certificates.

1412 | CVE-2016-1194 | CWE-399 | DoS | published 2017-04-21 | updated 2017-04-27 | CVSS 4.0 | gained access: None | Remote | Low | auth: ??? | C/I/A: None/None/Partial
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.

1413 | CVE-2016-1187 | CWE-200 | +Info | published 2017-04-21 | updated 2017-04-27 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: Partial/None/None
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.

1414 | CVE-2016-1186 | CWE-295 | - | published 2017-04-21 | updated 2017-04-26 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: Partial/None/None
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.

1415 | CVE-2016-1184 | CWE-295 | - | published 2017-04-21 | updated 2021-09-09 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: None/Partial/None
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates.

1416 | CVE-2016-1179 | CWE-79 | XSS | published 2017-04-12 | updated 2017-04-20 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: None/Partial/None
Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.

1417 | CVE-2016-1178 | CWE-284 | - | published 2017-04-12 | updated 2017-04-20 | CVSS 6.4 | gained access: None | Remote | Low | auth: Not required | C/I/A: Partial/Partial/None
The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.

1418 | CVE-2016-1161 | CWE-352 | CSRF | published 2017-04-20 | updated 2017-04-26 | CVSS 6.0 | gained access: None | Remote | Medium | auth: ??? | C/I/A: Partial/Partial/Partial
Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500).

1419 | CVE-2016-1155 | CWE-74 | - | published 2017-04-13 | updated 2017-04-24 | CVSS 7.5 | gained access: None | Remote | Low | auth: Not required | C/I/A: Partial/Partial/Partial
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.

1420 | CVE-2016-1148 | CWE-295 | - | published 2017-04-21 | updated 2020-06-23 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: Partial/None/None
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.

1421 | CVE-2016-1132 | CWE-295 | - | published 2017-04-13 | updated 2017-04-20 | CVSS 5.0 | gained access: None | Remote | Low | auth: Not required | C/I/A: None/Partial/None
Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.

1422 | CVE-2016-0833 | - | DoS | published 2017-04-21 | updated 2017-04-27 | CVSS 7.8 | gained access: None | Remote | Low | auth: Not required | C/I/A: None/None/Complete
Android allows users to cause a denial of service.

1423 | CVE-2016-0779 | CWE-502 | Exec Code | published 2017-04-11 | updated 2018-10-09 | CVSS 7.5 | gained access: None | Remote | Low | auth: Not required | C/I/A: Partial/Partial/Partial
The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.

1424 | CVE-2016-0727 | CWE-264 | +Priv | published 2017-04-14 | updated 2017-04-20 | CVSS 7.2 | gained access: None | Local | Low | auth: Not required | C/I/A: Complete/Complete/Complete
The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.

1425 | CVE-2016-0721 | CWE-384 | - | published 2017-04-21 | updated 2017-04-27 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: None/Partial/None
Session fixation vulnerability in pcsd in pcs before 0.9.157.

1426 | CVE-2016-0720 | CWE-352 | CSRF | published 2017-04-21 | updated 2017-04-27 | CVSS 6.8 | gained access: None | Remote | Medium | auth: Not required | C/I/A: Partial/Partial/Partial
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

1427 | CVE-2016-0228 | CWE-601 | - | published 2017-04-17 | updated 2017-04-21 | CVSS 4.9 | gained access: None | Remote | Medium | auth: ??? | C/I/A: Partial/Partial/None
IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236.

1428 | CVE-2015-9019 | CWE-330 | - | published 2017-04-05 | updated 2017-04-11 | CVSS 5.0 | gained access: None | Remote | Low | auth: Not required | C/I/A: Partial/None/None
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

1429 | CVE-2015-8965 | CWE-264 | Exec Code | published 2017-04-06 | updated 2021-01-30 | CVSS 7.5 | gained access: None | Remote | Low | auth: Not required | C/I/A: Partial/Partial/Partial
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.

1430 | CVE-2015-8959 | CWE-399 | DoS | published 2017-04-20 | updated 2020-11-16 | CVSS 7.1 | gained access: None | Remote | Medium | auth: Not required | C/I/A: None/None/Complete
coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.

1431 | CVE-2015-8958 | CWE-125 | DoS | published 2017-04-20 | updated 2017-05-09 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: None/None/Partial
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.

1432 | CVE-2015-8957 | CWE-119 | DoS Overflow | published 2017-04-20 | updated 2017-05-09 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: None/None/Partial
Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.

1433 | CVE-2015-8864 | CWE-79 | XSS | published 2017-04-13 | updated 2018-10-30 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: None/Partial/None
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.

1434 | CVE-2015-8780 | CWE-22 | Dir. Trav. | published 2017-04-13 | updated 2017-04-25 | CVSS 6.9 | gained access: None | Local | Medium | auth: Not required | C/I/A: Complete/Complete/Complete
Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.

1435 | CVE-2015-8671 | CWE-264 | - | published 2017-04-02 | updated 2017-04-05 | CVSS 6.5 | gained access: None | Remote | Low | auth: ??? | C/I/A: Partial/Partial/Partial
Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions.

1436 | CVE-2015-8670 | CWE-20 | DoS | published 2017-04-02 | updated 2017-04-05 | CVSS 4.0 | gained access: None | Remote | Low | auth: ??? | C/I/A: None/None/Partial
Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service.

1437 | CVE-2015-8666 | CWE-787 | Overflow | published 2017-04-11 | updated 2020-10-13 | CVSS 3.3 | gained access: None | Local | Medium | auth: Not required | C/I/A: None/Partial/Partial
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.

1438 | CVE-2015-8619 | CWE-787 | DoS | published 2017-04-13 | updated 2020-12-14 | CVSS 5.0 | gained access: None | Remote | Low | auth: Not required | C/I/A: None/None/Partial
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).

1439 | CVE-2015-8613 | CWE-787 | DoS Overflow | published 2017-04-11 | updated 2020-09-11 | CVSS 1.9 | gained access: None | Local | Medium | auth: Not required | C/I/A: None/None/Partial
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.

1440 | CVE-2015-8568 | CWE-772 | DoS | published 2017-04-11 | updated 2020-09-10 | CVSS 4.7 | gained access: None | Local | Medium | auth: Not required | C/I/A: None/None/Complete
Memory leak in QEMU, when built with VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.

1441 | CVE-2015-8567 | CWE-401 | DoS | published 2017-04-13 | updated 2020-09-09 | CVSS 6.8 | gained access: None | Remote | Low | auth: ??? | C/I/A: None/None/Complete
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

1442 | CVE-2015-8504 | CWE-369 | DoS | published 2017-04-11 | updated 2020-09-09 | CVSS 3.5 | gained access: None | Remote | Medium | auth: ??? | C/I/A: None/None/Partial
QEMU, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.

1443 | CVE-2015-8378 | CWE-200 | +Info | published 2017-04-10 | updated 2017-04-15 | CVSS 5.0 | gained access: None | Remote | Low | auth: Not required | C/I/A: Partial/None/None
In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.

1444 | CVE-2015-8356 | CWE-89 | Exec Code Sql | published 2017-04-14 | updated 2018-10-09 | CVSS 6.0 | gained access: None | Remote | Medium | auth: ??? | C/I/A: Partial/Partial/Partial
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php.

1445 | CVE-2015-8345 | CWE-399 | DoS | published 2017-04-13 | updated 2020-12-14 | CVSS 2.1 | gained access: None | Local | Low | auth: Not required | C/I/A: None/None/Partial
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.

1446 | CVE-2015-8285 | CWE-119 | DoS Overflow | published 2017-04-20 | updated 2017-04-27 | CVSS 5.0 | gained access: None | Remote | Low | auth: Not required | C/I/A: None/None/Partial
The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service.

1447 | CVE-2015-8284 | CWE-284 | - | published 2017-04-13 | updated 2017-04-19 | CVSS 6.5 | gained access: None | Remote | Low | auth: ??? | C/I/A: Partial/Partial/Partial
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.

1448 | CVE-2015-8283 | CWE-22 | Dir. Trav. | published 2017-04-13 | updated 2017-04-19 | CVSS 6.8 | gained access: None | Remote | Low | auth: ??? | C/I/A: Complete/None/None
Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.

1449 | CVE-2015-8282 | CWE-255 | - | published 2017-04-13 | updated 2017-04-19 | CVSS 7.5 | gained access: None | Remote | Low | auth: Not required | C/I/A: Partial/Partial/Partial
SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.

1450 | CVE-2015-8276 | CWE-200 | +Info | published 2017-04-10 | updated 2017-04-13 | CVSS 4.3 | gained access: None | Remote | Medium | auth: Not required | C/I/A: Partial/None/None
LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files.
Total number of vulnerabilities: 1574. This is page 29 of 32.