Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-10363 |
Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit. Published: June 16, 2017; 5:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-10362 |
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. Published: June 16, 2017; 5:29:00 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-1000222 |
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. Published: June 16, 2017; 5:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-1000221 |
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. Published: June 16, 2017; 5:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-1000220 |
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. Published: June 16, 2017; 5:29:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-1000219 |
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield. Published: June 16, 2017; 5:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-1000218 |
Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. Published: June 16, 2017; 5:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2015-9056 |
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. Published: June 16, 2017; 5:29:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-7507 |
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. Published: June 16, 2017; 3:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-6899 |
The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices, allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted /sys/kernel/debug/msm-bus-dbg/client-data/update-request write request. Published: June 16, 2017; 1:29:00 PM -0400 |
V3.0: 6.2 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-9731 |
In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package. Published: June 16, 2017; 11:29:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-9729 |
In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression. Published: June 16, 2017; 11:29:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-9728 |
In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression. Published: June 16, 2017; 11:29:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-9602 |
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code. Published: June 16, 2017; 9:29:00 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-7884 |
In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM privileges at startup. This occurs because of "RW NT AUTHORITY\Authenticated Users" permissions for %SYSTEMDRIVE%\apcupsd\bin\apcupsd.exe. Published: June 16, 2017; 9:29:00 AM -0400 |
V3.0: 8.4 HIGH V2.0: 7.2 HIGH |
CVE-2017-9601 |
The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: June 16, 2017; 8:29:01 AM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-9600 |
The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: June 16, 2017; 8:29:01 AM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-9599 |
The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: June 16, 2017; 8:29:01 AM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-9598 |
The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: June 16, 2017; 8:29:01 AM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-9597 |
The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: June 16, 2017; 8:29:01 AM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |