CVE-2014-9804

Affected configuration(s):

cpe:/a:imagemagick:imagemagick:-

Date published: 2017-03-30T11:59:00.170-04:00

Date last modified: 2017-04-03T10:22:18.733-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.openwall.com/lists/oss-security/2014/12/24/1

Summary: vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to “too many object.”

CVE-2017-0881

Affected configuration(s):

cpe:/a:zulip:zulip:1.4.2

Date published: 2017-03-27T22:59:01.463-04:00

Date last modified: 2017-04-03T09:40:45.027-04:00

CVSS Score: 4.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.securityfocus.com/bid/97159

Summary: An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.

CVE-2017-0882

Affected configuration(s):

cpe:/a:gitlab:gitlab:8.2.0
cpe:/a:gitlab:gitlab:8.2.1
cpe:/a:gitlab:gitlab:8.2.2
cpe:/a:gitlab:gitlab:8.2.3
cpe:/a:gitlab:gitlab:8.2.4
cpe:/a:gitlab:gitlab:8.2.5
cpe:/a:gitlab:gitlab:8.3.0
cpe:/a:gitlab:gitlab:8.3.8
cpe:/a:gitlab:gitlab:8.3.9
cpe:/a:gitlab:gitlab:8.4.0
cpe:/a:gitlab:gitlab:8.4.9
cpe:/a:gitlab:gitlab:8.4.10
cpe:/a:gitlab:gitlab:8.5.0
cpe:/a:gitlab:gitlab:8.5.11
cpe:/a:gitlab:gitlab:8.5.12
cpe:/a:gitlab:gitlab:8.6.0
cpe:/a:gitlab:gitlab:8.6.7
cpe:/a:gitlab:gitlab:8.6.8
cpe:/a:gitlab:gitlab:8.7.0
cpe:/a:gitlab:gitlab:8.7.1
cpe:/a:gitlab:gitlab:8.10.0
cpe:/a:gitlab:gitlab:8.10.12
cpe:/a:gitlab:gitlab:8.10.13
cpe:/a:gitlab:gitlab:8.11.0
cpe:/a:gitlab:gitlab:8.11.9
cpe:/a:gitlab:gitlab:8.11.10
cpe:/a:gitlab:gitlab:8.12.0
cpe:/a:gitlab:gitlab:8.12.7
cpe:/a:gitlab:gitlab:8.12.8
cpe:/a:gitlab:gitlab:8.13.0
cpe:/a:gitlab:gitlab:8.13.2
cpe:/a:gitlab:gitlab:8.13.3
cpe:/a:gitlab:gitlab:8.14.0
cpe:/a:gitlab:gitlab:8.14.1
cpe:/a:gitlab:gitlab:8.14.2
cpe:/a:gitlab:gitlab:8.14.3
cpe:/a:gitlab:gitlab:8.14.4
cpe:/a:gitlab:gitlab:8.14.5
cpe:/a:gitlab:gitlab:8.14.6
cpe:/a:gitlab:gitlab:8.15.0
cpe:/a:gitlab:gitlab:8.15.1
cpe:/a:gitlab:gitlab:8.15.2
cpe:/a:gitlab:gitlab:8.15.3
cpe:/a:gitlab:gitlab:8.15.4
cpe:/a:gitlab:gitlab:8.15.5
cpe:/a:gitlab:gitlab:8.15.6
cpe:/a:gitlab:gitlab:8.15.7
cpe:/a:gitlab:gitlab:8.16.0
cpe:/a:gitlab:gitlab:8.16.1
cpe:/a:gitlab:gitlab:8.16.2
cpe:/a:gitlab:gitlab:8.16.3
cpe:/a:gitlab:gitlab:8.16.4
cpe:/a:gitlab:gitlab:8.16.5
cpe:/a:gitlab:gitlab:8.16.6
cpe:/a:gitlab:gitlab:8.16.7
cpe:/a:gitlab:gitlab:8.17.0
cpe:/a:gitlab:gitlab:8.17.1
cpe:/a:gitlab:gitlab:8.17.2
cpe:/a:gitlab:gitlab:8.17.3

Date published: 2017-03-27T22:59:01.497-04:00

Date last modified: 2017-04-03T09:59:46.640-04:00

CVSS Score: 4.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.securityfocus.com/bid/97157

Summary: Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.

CVE-2014-6440

Affected configuration(s):

cpe:/a:videolan:vlc:2.1.4

Date published: 2017-03-28T11:59:00.160-04:00

Date last modified: 2017-04-03T10:21:56.013-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/

Summary: VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.

CVE-2014-3582

Affected configuration(s):

cpe:/a:apache:ambari:2.2.2

Date published: 2017-03-29T16:59:00.170-04:00

Date last modified: 2017-05-30T21:29:00.267-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.0

Summary: In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.

CVE-2017-1143

Affected configuration(s):

cpe:/a:ibm:kenexa_lcms_premier:9.1
cpe:/a:ibm:kenexa_lcms_premier:9.2
cpe:/a:ibm:kenexa_lcms_premier:9.2.1
cpe:/a:ibm:kenexa_lcms_premier:9.3
cpe:/a:ibm:kenexa_lcms_premier:9.4
cpe:/a:ibm:kenexa_lcms_premier:9.5
cpe:/a:ibm:kenexa_lcms_premier:10.0
cpe:/a:ibm:kenexa_lcms_premier:10.2
cpe:/a:ibm:kenexa_lcms_premier:10.3

Date published: 2017-03-27T18:59:00.350-04:00

Date last modified: 2017-03-31T06:47:59.167-04:00

CVSS Score: 3.5

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.ibm.com/support/docview.wss?uid=swg21998874

Summary: IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Reference #: 1998874.

CVE-2017-1142

Affected configuration(s):

cpe:/a:ibm:kenexa_lcms_premier:9.1
cpe:/a:ibm:kenexa_lcms_premier:9.2
cpe:/a:ibm:kenexa_lcms_premier:9.2.1
cpe:/a:ibm:kenexa_lcms_premier:9.3
cpe:/a:ibm:kenexa_lcms_premier:9.4
cpe:/a:ibm:kenexa_lcms_premier:9.5
cpe:/a:ibm:kenexa_lcms_premier:10.0
cpe:/a:ibm:kenexa_lcms_premier:10.2
cpe:/a:ibm:kenexa_lcms_premier:10.3

Date published: 2017-03-27T18:59:00.320-04:00

Date last modified: 2017-03-31T06:47:30.637-04:00

CVSS Score: 4.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.ibm.com/support/docview.wss?uid=swg21998874

Summary: IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874.

CVE-2017-1153

Affected configuration(s):

cpe:/a:ibm:tririga_application_platform:3.3.0.0
cpe:/a:ibm:tririga_application_platform:3.3.0.1
cpe:/a:ibm:tririga_application_platform:3.3.0.2
cpe:/a:ibm:tririga_application_platform:3.3.1.0
cpe:/a:ibm:tririga_application_platform:3.3.1.1
cpe:/a:ibm:tririga_application_platform:3.3.1.2
cpe:/a:ibm:tririga_application_platform:3.3.1.3
cpe:/a:ibm:tririga_application_platform:3.3.2.0
cpe:/a:ibm:tririga_application_platform:3.3.2.1
cpe:/a:ibm:tririga_application_platform:3.3.2.2
cpe:/a:ibm:tririga_application_platform:3.3.2.3
cpe:/a:ibm:tririga_application_platform:3.3.2.4
cpe:/a:ibm:tririga_application_platform:3.3.2.5
cpe:/a:ibm:tririga_application_platform:3.4.0.0
cpe:/a:ibm:tririga_application_platform:3.4.0.1
cpe:/a:ibm:tririga_application_platform:3.4.1.0
cpe:/a:ibm:tririga_application_platform:3.4.1.1
cpe:/a:ibm:tririga_application_platform:3.4.1.2
cpe:/a:ibm:tririga_application_platform:3.4.1.3
cpe:/a:ibm:tririga_application_platform:3.4.2.0
cpe:/a:ibm:tririga_application_platform:3.4.2.1
cpe:/a:ibm:tririga_application_platform:3.4.2.2
cpe:/a:ibm:tririga_application_platform:3.4.2.3
cpe:/a:ibm:tririga_application_platform:3.4.2.4
cpe:/a:ibm:tririga_application_platform:3.4.2.5
cpe:/a:ibm:tririga_application_platform:3.5.0.0
cpe:/a:ibm:tririga_application_platform:3.5.0.1
cpe:/a:ibm:tririga_application_platform:3.5.0.2
cpe:/a:ibm:tririga_application_platform:3.5.1
cpe:/a:ibm:tririga_application_platform:3.5.1.1
cpe:/a:ibm:tririga_application_platform:3.5.1.2
cpe:/a:ibm:tririga_application_platform:3.5.1.3
cpe:/a:ibm:tririga_application_platform:3.5.2

Date published: 2017-03-27T18:59:00.367-04:00

Date last modified: 2017-03-30T10:27:49.723-04:00

CVSS Score: 6.5

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.ibm.com/support/docview.wss?uid=swg21999563

Summary: IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.

CVE-2017-1120

Affected configuration(s):

cpe:/a:ibm:websphere_portal:8.5
cpe:/a:ibm:websphere_portal:9.0

Date published: 2017-03-27T18:59:00.287-04:00

Date last modified: 2017-07-11T21:29:08.520-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.ibm.com/support/docview.wss?uid=swg22000152

Summary: IBM WebSphere Portal 8.5 and 9.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152.

CVE-2014-9920

Affected configuration(s):

cpe:/a:mcafee:application_control:6.0.0
cpe:/a:mcafee:application_control:6.0.1
cpe:/a:mcafee:application_control:6.1.0
cpe:/a:mcafee:application_control:6.1.1
cpe:/a:mcafee:application_control:6.1.2
cpe:/a:mcafee:application_control:6.1.3

Date published: 2017-03-14T18:59:00.307-04:00

Date last modified: 2017-03-29T09:41:10.540-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: https://kc.mcafee.com/corporate/index?page=content&id=SB10077

Summary: Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.