Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2288 | 1 Cogentdatahub | 1 Cogent Datahub | 2017-09-08 | 7.2 HIGH | 7.8 HIGH |
| Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. | |||||
| CVE-2016-2539 | 1 Atutor | 1 Atutor | 2017-09-08 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. | |||||
| CVE-2016-1768 | 1 Apple | 1 Mac Os X | 2017-09-08 | 6.8 MEDIUM | 7.8 HIGH |
| QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767. | |||||
| CVE-2016-1744 | 1 Apple | 1 Mac Os X | 2017-09-08 | 9.3 HIGH | 7.8 HIGH |
| The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743. | |||||
| CVE-2016-1743 | 1 Apple | 1 Mac Os X | 2017-09-08 | 9.3 HIGH | 7.8 HIGH |
| The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744. | |||||
| CVE-2017-1097 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2017-09-07 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657. | |||||
| CVE-2017-14158 | 1 Scrapy | 1 Scrapy | 2017-09-07 | 7.8 HIGH | 7.5 HIGH |
| Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore. | |||||
| CVE-2017-2821 | 1 Lexmark | 1 Perceptive Document Filters | 2017-09-07 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution. | |||||
| CVE-2017-2822 | 1 Lexmark | 1 Perceptive Document Filters | 2017-09-07 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability. | |||||
| CVE-2015-3454 | 1 Vulcanjs | 1 Vulcan | 2017-09-07 | 5.0 MEDIUM | 7.5 HIGH |
| TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. | |||||
| CVE-2015-1445 | 1 Fli4l | 1 Fli4l | 2017-09-07 | 9.0 HIGH | 7.2 HIGH |
| HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30. | |||||
| CVE-2015-8334 | 1 Huawei | 2 Vcn500, Vcn500 Firmware | 2017-09-07 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. | |||||
| CVE-2015-3654 | 1 Arubanetworks | 1 Clearpass | 2017-09-07 | 9.0 HIGH | 7.2 HIGH |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. | |||||
| CVE-2015-3656 | 1 Arubanetworks | 1 Clearpass | 2017-09-07 | 6.5 MEDIUM | 7.2 HIGH |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. | |||||
| CVE-2017-13739 | 1 Liblouis | 1 Liblouis | 2017-09-07 | 6.8 MEDIUM | 8.8 HIGH |
| There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution. | |||||
| CVE-2015-3657 | 1 Arubanetworks | 1 Clearpass | 2017-09-07 | 6.5 MEDIUM | 7.2 HIGH |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. | |||||
| CVE-2016-2972 | 1 Ibm | 1 Sametime | 2017-09-07 | 2.1 LOW | 7.8 HIGH |
| IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855. | |||||
| CVE-2015-6639 | 1 Google | 1 Android | 2017-09-07 | 9.3 HIGH | 7.8 HIGH |
| The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. | |||||
| CVE-2015-1198 | 1 Linux-ha | 1 Ha | 2017-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. | |||||
| CVE-2017-10851 | 2 Fujixerox, Microsoft | 2 Contentsbridge Utility, Windows | 2017-09-06 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-14053 | 1 Netapp | 1 Oncommand Unified Manager For Clustered Data Ontap | 2017-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | |||||
| CVE-2017-13709 | 1 Flightgear | 1 Flightgear | 2017-09-06 | 6.4 MEDIUM | 7.5 HIGH |
| In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. | |||||
| CVE-2017-10848 | 1 Fujixerox | 2 Docuworks, Docuworks Viewer Light | 2017-09-06 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2016-10509 | 1 Opencart | 1 Opencart | 2017-09-06 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php. | |||||
| CVE-2017-14146 | 1 Helpdezk | 1 Helpdezk | 2017-09-06 | 6.5 MEDIUM | 8.8 HIGH |
| HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. | |||||
| CVE-2015-1443 | 1 Fli4l | 1 Fli4l | 2017-09-06 | 9.0 HIGH | 8.8 HIGH |
| The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code. | |||||
| CVE-2015-1876 | 1 Estrongs | 1 Es File Explorer | 2017-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in ES File Explorer 3.2.4.1. | |||||
| CVE-2014-8675 | 1 Soplanning | 1 Soplanning | 2017-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash. | |||||
| CVE-2017-10829 | 1 Ntt | 1 Enkaku Support Tool | 2017-09-06 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2015-3653 | 1 Arubanetworks | 1 Clearpass | 2017-09-06 | 9.0 HIGH | 7.2 HIGH |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. | |||||
| CVE-2017-3154 | 1 Apache | 1 Atlas | 2017-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. | |||||
| CVE-2016-10277 | 1 Linux | 1 Linux Kernel | 2017-09-06 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490. | |||||
| CVE-2015-1554 | 1 Kgb-bot Project | 1 Kgb-bot | 2017-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2015-1199 | 1 Ppmd Project | 1 Ppmd | 2017-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in ppmd 10.1-5. | |||||
| CVE-2017-12775 | 1 Question2answer | 1 Question2answer | 2017-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts. | |||||
| CVE-2017-14149 | 1 Embedthis | 1 Goahead | 2017-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. | |||||
| CVE-2015-0114 | 1 Ibm | 1 I Access For Windows | 2017-09-05 | 4.6 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1. | |||||
| CVE-2017-14103 | 1 Graphicsmagick | 1 Graphicsmagick | 2017-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403. | |||||
| CVE-2017-10849 | 1 Fujixerox | 1 Docuworks | 2017-09-05 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-11157 | 2 Microsoft, Synology | 2 Windows, Cloud Station Backup | 2017-09-05 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | |||||
| CVE-2014-8900 | 1 Ibm | 1 Urbancode Deploy | 2017-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. | |||||
| CVE-2014-9497 | 1 Mpg123 | 1 Mpg123 | 2017-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in mpg123 before 1.18.0. | |||||
| CVE-2016-4557 | 1 Linux | 1 Linux Kernel | 2017-09-03 | 7.2 HIGH | 7.8 HIGH |
| The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor. | |||||
| CVE-2016-1464 | 1 Cisco | 1 Webex Wrf Player T29 | 2017-09-03 | 9.3 HIGH | 7.8 HIGH |
| Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. | |||||
| CVE-2016-6483 | 1 Vbulletin | 1 Vbulletin | 2017-09-03 | 5.0 MEDIUM | 8.6 HIGH |
| The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code. | |||||
| CVE-2016-1607 | 1 Novell | 1 Filr | 2017-09-03 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request. | |||||
| CVE-2016-1608 | 1 Novell | 1 Filr | 2017-09-03 | 9.0 HIGH | 8.8 HIGH |
| vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter. | |||||
| CVE-2016-1610 | 1 Novell | 1 Filr | 2017-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name. | |||||
| CVE-2016-1611 | 1 Novell | 1 Filr | 2017-09-03 | 7.2 HIGH | 7.8 HIGH |
| Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands. | |||||
| CVE-2016-5679 | 2 Netgear, Nuuo | 2 Readynas Surveillance, Nvrmini 2 | 2017-09-03 | 9.0 HIGH | 8.8 HIGH |
| cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command. | |||||