Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3063 | 1 Netapp | 1 Oncommand System Manager | 2017-11-16 | 4.4 MEDIUM | 7.5 HIGH |
| Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. | |||||
| CVE-2014-3744 | 1 Nodejs | 1 Node.js | 2017-11-15 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. | |||||
| CVE-2017-6145 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2017-11-15 | 7.5 HIGH | 7.3 HIGH |
| iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that conversion, allowing once-valid but now expired cookies to be converted to valid tokens. | |||||
| CVE-2017-6144 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2017-11-15 | 5.8 MEDIUM | 7.4 HIGH |
| In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PEM for Device Type and OS (DTOS) and Tethering detection. Customers not using BIG-IP PEM, not configuring downloads of TAC database files, or not using HTTP for that download are not affected. | |||||
| CVE-2017-14696 | 1 Saltstack | 1 Salt | 2017-11-15 | 5.0 MEDIUM | 7.5 HIGH |
| SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. | |||||
| CVE-2017-1000139 | 1 Mahara | 1 Mahara | 2017-11-15 | 6.0 MEDIUM | 8.0 HIGH |
| Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues. | |||||
| CVE-2014-0115 | 1 Apache | 1 Storm | 2017-11-15 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log. | |||||
| CVE-2017-15879 | 1 Keystonejs | 1 Keystone | 2017-11-14 | 6.8 MEDIUM | 8.8 HIGH |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. | |||||
| CVE-2017-15643 | 1 Ikarussecurity | 1 Ikarus Antivirus | 2017-11-14 | 7.6 HIGH | 7.4 HIGH |
| An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client to initiate an update transaction by modifying an update field within an HTTP 200 response, so that it refers to a nonexistent update. The attacker then modifies the HTTP 404 response so that it specifies a successfully found update, with a Trojan horse executable file (e.g., guardxup.exe) and the correct CRC32 checksum for that file. | |||||
| CVE-2014-0691 | 1 Cisco | 1 Webex Meetings Server | 2017-11-14 | 5.0 MEDIUM | 7.3 HIGH |
| Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643. | |||||
| CVE-2012-4568 | 1 Letodms Project | 1 Letodms | 2017-11-14 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2017-8022 | 1 Emc | 1 Networker | 2017-11-14 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform. | |||||
| CVE-2017-15949 | 1 Angry-frog | 1 Xavier | 2017-11-14 | 6.5 MEDIUM | 7.2 HIGH |
| Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. | |||||
| CVE-2017-15935 | 1 Artica | 1 Pandora Fms | 2017-11-14 | 9.0 HIGH | 7.2 HIGH |
| Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file. | |||||
| CVE-2017-12705 | 1 Advantech | 1 Webop | 2017-11-14 | 4.6 MEDIUM | 7.8 HIGH |
| A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code. | |||||
| CVE-2015-5699 | 1 Cumulusnetworks | 1 Cumulus Linux | 2017-11-14 | 7.2 HIGH | 7.8 HIGH |
| The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label. | |||||
| CVE-2016-4736 | 1 Apple | 1 Mac Os X | 2017-11-14 | 9.3 HIGH | 8.8 HIGH |
| libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-1583 | 1 Ibm | 1 Liberty | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13)could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. | |||||
| CVE-2017-1375 | 1 Ibm | 1 Storwize Unified V7000 Software | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126868. | |||||
| CVE-2012-6707 | 1 Wordpress | 1 Wordpress | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. | |||||
| CVE-2016-1246 | 3 Dbd-mysql Project, Debian, Perl | 3 Dbd-mysql, Debian Linux, Perl | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message. | |||||
| CVE-2017-15951 | 1 Linux | 1 Linux Kernel | 2017-11-13 | 7.2 HIGH | 7.8 HIGH |
| The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. | |||||
| CVE-2017-16357 | 1 Radare | 1 Radare2 | 2017-11-13 | 6.8 MEDIUM | 7.8 HIGH |
| In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory. | |||||
| CVE-2017-16358 | 1 Radare | 1 Radare2 | 2017-11-13 | 6.8 MEDIUM | 7.8 HIGH |
| In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. | |||||
| CVE-2016-1000115 | 1 Huge-it | 1 Portfolio Gallery Manager | 2017-11-13 | 6.5 MEDIUM | 7.2 HIGH |
| Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||||
| CVE-2017-1000150 | 1 Mahara | 1 Mahara | 2017-11-13 | 6.5 MEDIUM | 8.8 HIGH |
| Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks. | |||||
| CVE-2017-1000151 | 1 Mahara | 1 Mahara | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log. | |||||
| CVE-2017-1000133 | 1 Mahara | 1 Mahara | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages. | |||||
| CVE-2017-13720 | 1 X.org | 1 Libxfont | 2017-11-13 | 3.6 LOW | 7.1 HIGH |
| In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters. | |||||
| CVE-2017-13722 | 1 X.org | 1 Libxfont | 2017-11-13 | 3.6 LOW | 7.1 HIGH |
| In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. | |||||
| CVE-2016-10124 | 1 Linuxcontainers | 1 Lxc | 2017-11-13 | 5.0 MEDIUM | 8.6 HIGH |
| An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container. | |||||
| CVE-2017-14353 | 1 Hp | 1 Ucmdb Foundation Software | 2017-11-11 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. | |||||
| CVE-2015-7848 | 1 Ntp | 1 Ntp-dev | 2017-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. | |||||
| CVE-2017-12710 | 1 Advantech | 1 Webaccess | 2017-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. | |||||
| CVE-2016-0728 | 3 Google, Hp, Linux | 3 Android, Server Migration Pack, Linux Kernel | 2017-11-10 | 7.2 HIGH | 7.8 HIGH |
| The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. | |||||
| CVE-2017-14719 | 1 Wordpress | 1 Wordpress | 2017-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | |||||
| CVE-2017-14722 | 1 Wordpress | 1 Wordpress | 2017-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | |||||
| CVE-2017-3260 | 1 Oracle | 2 Jdk, Jre | 2017-11-10 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). | |||||
| CVE-2017-9368 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2017-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files. | |||||
| CVE-2017-2132 | 1 Panasonic | 2 Kx-hjb1000, Kx-hjb1000 Firmware | 2017-11-08 | 6.4 MEDIUM | 7.5 HIGH |
| Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors. | |||||
| CVE-2017-15578 | 1 Phpsugar | 1 Php Melody | 2017-11-08 | 6.0 MEDIUM | 8.8 HIGH |
| In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | |||||
| CVE-2014-9697 | 1 Huawei | 6 Usg9520, Usg9520 Firmware, Usg9560 and 3 more | 2017-11-08 | 7.8 HIGH | 7.5 HIGH |
| Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website. | |||||
| CVE-2014-2664 | 1 X2engine | 1 X2crm | 2017-11-08 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2017-3759 | 1 Lenovo | 1 Service Framework | 2017-11-08 | 6.8 MEDIUM | 8.1 HIGH |
| The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | |||||
| CVE-2015-4422 | 1 Huawei | 2 Mate 7, Mate 7 Firmware | 2017-11-08 | 7.6 HIGH | 7.0 HIGH |
| The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a crafted application. | |||||
| CVE-2017-15805 | 1 Cisco | 4 Small Business Sa520, Small Business Sa520 Firmware, Small Business Sa540 and 1 more | 2017-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. | |||||
| CVE-2017-12628 | 1 Apache | 1 James Server | 2017-11-08 | 7.2 HIGH | 7.8 HIGH |
| The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library. | |||||
| CVE-2017-15650 | 1 Musl-libc | 1 Musl | 2017-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. | |||||
| CVE-2014-9489 | 1 Gollum Project | 3 Gollum, Gollum-lib, Grit Adapter | 2017-11-08 | 6.5 MEDIUM | 8.8 HIGH |
| The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags. | |||||
| CVE-2017-9530 | 1 Irfanview | 2 Irfanview, Tools | 2017-11-08 | 4.4 MEDIUM | 7.8 HIGH |
| IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77df0000!LdrpResCompareResourceNames+0x0000000000000150." | |||||