Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000025 | 1 Gnome | 1 Epiphany | 2017-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. | |||||
| CVE-2015-1847 | 1 Appserver | 1 Appserver | 2017-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL. | |||||
| CVE-2017-11646 | 1 Netcomm | 2 4gt101w Bootloader, 4gt101w Software | 2017-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device. | |||||
| CVE-2015-7891 | 1 Samsung | 1 Samsung Mobile | 2017-08-04 | 4.4 MEDIUM | 7.0 HIGH |
| Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598. | |||||
| CVE-2017-11726 | 1 Connectwise | 1 Manage | 2017-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting. | |||||
| CVE-2017-11648 | 1 Techroutes | 2 Tr 1803-3g, Tr 1803-3g Firmware | 2017-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering. | |||||
| CVE-2017-11364 | 1 Joomla | 1 Joomla\! | 2017-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | |||||
| CVE-2017-2279 | 1 Kiri | 1 Tween | 2017-08-04 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-11658 | 1 Wp-rocket | 1 Wp-rocket | 2017-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack. | |||||
| CVE-2017-1000034 | 1 Akka | 1 Akka | 2017-08-04 | 9.3 HIGH | 8.1 HIGH |
| Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem. | |||||
| CVE-2017-11390 | 1 Trendmicro | 1 Control Manager | 2017-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706. | |||||
| CVE-2017-8870 | 1 Mediacoderhq | 1 Audiocoder | 2017-08-03 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file. | |||||
| CVE-2017-1460 | 1 Ibm | 1 I | 2017-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379. | |||||
| CVE-2017-11679 | 1 Hashtopus Project | 1 Hashtopus | 2017-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. | |||||
| CVE-2017-11678 | 1 Hashtopus Project | 1 Hashtopus | 2017-08-03 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. | |||||
| CVE-2016-9716 | 1 Ibm | 1 Infosphere Master Data Management Server | 2017-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729. | |||||
| CVE-2016-9714 | 1 Ibm | 1 Infosphere Master Data Management Server | 2017-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727. | |||||
| CVE-2017-9478 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2017-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC address to a value with a two-byte offset from the MTA/VoIP MAC address, which indirectly allows remote attackers to discover hidden Home Security Wi-Fi networks by leveraging the embedding of the MTA/VoIP MAC address into the DNS hostname. | |||||
| CVE-2016-6271 | 1 Bzrtp Project | 1 Bzrtp | 2017-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception. | |||||
| CVE-2017-8869 | 1 Mediacoder | 1 Mediacoder | 2017-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file. | |||||
| CVE-2017-11736 | 1 Bigtreecms | 1 Bigtree Cms | 2017-08-02 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter. | |||||
| CVE-2017-11680 | 1 Project Hashtopussy | 1 Hashtopussy | 2017-08-02 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. | |||||
| CVE-2017-9488 | 1 Cisco | 4 Dpc3939, Dpc3939 Firmware, Dpc3941t and 1 more | 2017-08-02 | 5.8 MEDIUM | 8.8 HIGH |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded credentials. This wan0 interface cannot be accessed from the public Internet. | |||||
| CVE-2017-9486 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2017-08-02 | 5.0 MEDIUM | 7.5 HIGH |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to compute password-of-the-day values via unspecified vectors. | |||||
| CVE-2017-9484 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2017-08-02 | 5.0 MEDIUM | 7.5 HIGH |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover a CM MAC address by sniffing Wi-Fi traffic and performing simple arithmetic calculations. | |||||
| CVE-2015-7543 | 2 Artsproject, Kde | 2 Arts, Kdelibs | 2017-07-31 | 4.4 MEDIUM | 7.0 HIGH |
| aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. | |||||
| CVE-2017-11325 | 1 Tilde Cms Project | 1 Tilde Cms | 2017-07-31 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php. | |||||
| CVE-2015-1438 | 1 Panda Security | 4 Panda Antivirus Pro 2015, Panda Global Protection 2015, Panda Gold Protection 2015 and 1 more | 2017-07-31 | 7.2 HIGH | 7.8 HIGH |
| Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers. | |||||
| CVE-2017-11630 | 1 Fiyo | 1 Fiyo Cms | 2017-07-31 | 5.0 MEDIUM | 7.5 HIGH |
| dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | |||||
| CVE-2016-6379 | 1 Cisco | 2 Ios, Ios Xe | 2017-07-30 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089. | |||||
| CVE-2016-6378 | 1 Cisco | 1 Ios Xe | 2017-07-30 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853. | |||||
| CVE-2016-6373 | 1 Cisco | 1 Cloud Services Platform 2100 | 2017-07-30 | 9.0 HIGH | 7.2 HIGH |
| The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541. | |||||
| CVE-2016-7045 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2017-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. | |||||
| CVE-2016-4389 | 1 Hp | 1 Keyview | 2017-07-30 | 6.8 MEDIUM | 8.1 HIGH |
| The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390. | |||||
| CVE-2016-7044 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2017-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. | |||||
| CVE-2016-4388 | 1 Hp | 1 Keyview | 2017-07-30 | 6.8 MEDIUM | 8.1 HIGH |
| The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390. | |||||
| CVE-2016-6382 | 1 Cisco | 2 Ios, Ios Xe | 2017-07-30 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) register packet, aka Bug ID CSCuy16399. | |||||
| CVE-2016-4387 | 1 Hp | 1 Keyview | 2017-07-30 | 6.8 MEDIUM | 8.1 HIGH |
| The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390. | |||||
| CVE-2016-4386 | 1 Hp | 1 Network Automation | 2017-07-30 | 6.9 MEDIUM | 7.8 HIGH |
| HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors. | |||||
| CVE-2016-4384 | 1 Hp | 2 Loadrunner, Performance Center | 2017-07-30 | 9.0 HIGH | 8.6 HIGH |
| HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2016-4769 | 2 Apple, Microsoft | 3 Itunes, Safari, Windows | 2017-07-30 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2016-0904 | 1 Emc | 1 Avamar Server | 2017-07-30 | 5.0 MEDIUM | 8.6 HIGH |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation. | |||||
| CVE-2015-6393 | 1 Cisco | 30 Nexus 5010, Nexus 5020, Nexus 5548p and 27 more | 2017-07-30 | 7.8 HIGH | 7.5 HIGH |
| Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs CSCuq39250, CSCus21733, CSCus21739, CSCut76171, and CSCux67182. | |||||
| CVE-2016-4754 | 1 Apple | 1 Os X Server | 2017-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2016-4779 | 1 Apple | 1 Mac Os X | 2017-07-30 | 6.8 MEDIUM | 7.8 HIGH |
| Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | |||||
| CVE-2016-4724 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-30 | 9.3 HIGH | 7.8 HIGH |
| IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
| CVE-2016-4710 | 1 Apple | 1 Mac Os X | 2017-07-30 | 7.2 HIGH | 7.8 HIGH |
| WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709. | |||||
| CVE-2016-4711 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output. | |||||
| CVE-2016-0920 | 1 Emc | 1 Avamar Server | 2017-07-30 | 7.2 HIGH | 7.8 HIGH |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | |||||
| CVE-2016-4723 | 1 Apple | 1 Mac Os X | 2017-07-30 | 9.3 HIGH | 7.8 HIGH |
| Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||