Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2140 | 1 Gaku | 1 Tablacus Explorer | 2017-05-06 | 6.8 MEDIUM | 8.8 HIGH |
| Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory. | |||||
| CVE-2017-2128 | 1 Information-technology Promotion Agency | 1 Introduction To Safe Website Operation | 2017-05-05 | 6.8 MEDIUM | 8.8 HIGH |
| Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. | |||||
| CVE-2017-8109 | 1 Saltstack | 1 Salt | 2017-05-05 | 2.1 LOW | 7.8 HIGH |
| The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients). | |||||
| CVE-2017-2141 | 1 Iodata | 2 Wn-g300r3, Wn-g300r3 Firmware | 2017-05-05 | 9.0 HIGH | 7.2 HIGH |
| WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-8223 | 1 Wificam | 2 Wireless Ip Camera \(p2p\), Wireless Ip Camera \(p2p\) Firmware | 2017-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0. | |||||
| CVE-2017-2101 | 1 Ipa | 1 Appgoat | 2017-05-05 | 7.5 HIGH | 7.3 HIGH |
| Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. | |||||
| CVE-2017-2102 | 1 Ipa | 1 Appgoat | 2017-05-05 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2017-1149 | 1 Ibm | 1 Urbancode Deploy | 2017-05-05 | 7.5 HIGH | 8.1 HIGH |
| IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202. | |||||
| CVE-2017-7720 | 1 Privatetunnel | 1 Privatetunnel | 2017-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password. | |||||
| CVE-2017-2119 | 1 Wbce | 1 Wbce Cms | 2017-05-03 | 5.0 MEDIUM | 8.6 HIGH |
| Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-2120 | 1 Wbce | 1 Wbce Cms | 2017-05-03 | 6.0 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-8294 | 1 Virustotal | 1 Yara | 2017-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function. | |||||
| CVE-2016-2433 | 1 Google | 1 Android | 2017-05-02 | 8.3 HIGH | 8.8 HIGH |
| The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. | |||||
| CVE-2016-10211 | 1 Virustotal | 1 Yara | 2017-05-02 | 5.0 MEDIUM | 7.5 HIGH |
| libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function. | |||||
| CVE-2016-10210 | 1 Virustotal | 1 Yara | 2017-05-02 | 5.0 MEDIUM | 7.5 HIGH |
| libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function. | |||||
| CVE-2017-5923 | 1 Virustotal | 1 Yara | 2017-05-02 | 5.0 MEDIUM | 7.5 HIGH |
| libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function. | |||||
| CVE-2017-5924 | 1 Virustotal | 1 Yara | 2017-05-02 | 5.0 MEDIUM | 7.5 HIGH |
| libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function. | |||||
| CVE-2016-6561 | 1 Illumos | 1 Illumos | 2017-05-02 | 7.8 HIGH | 7.5 HIGH |
| illumos smbsrv NULL pointer dereference allows system crash. | |||||
| CVE-2016-8026 | 1 Mcafee | 1 Security Scan Plus | 2017-05-02 | 4.6 MEDIUM | 7.8 HIGH |
| Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors. | |||||
| CVE-2015-8109 | 1 Lenovo | 1 Lenovo System Update | 2017-04-29 | 6.9 MEDIUM | 7.0 HIGH |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." | |||||
| CVE-2016-1556 | 1 Netgear | 12 Wn604, Wn604 Firmware, Wnap320 and 9 more | 2017-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. | |||||
| CVE-2015-8110 | 1 Lenovo | 1 Lenovo System Update | 2017-04-28 | 7.2 HIGH | 7.8 HIGH |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability." | |||||
| CVE-2017-8099 | 1 Browserweb Inc | 1 Whizz | 2017-04-28 | 5.8 MEDIUM | 8.1 HIGH |
| There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. | |||||
| CVE-2015-7245 | 1 D-link | 2 Dvg-n5402sp, Dvg-n5402sp Firmware | 2017-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. | |||||
| CVE-2017-8070 | 1 Linux | 1 Linux Kernel | 2017-04-28 | 7.2 HIGH | 7.8 HIGH |
| drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2017-2332 | 1 Juniper | 1 Northstar Controller | 2017-04-28 | 9.3 HIGH | 8.8 HIGH |
| An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment. | |||||
| CVE-2011-3438 | 1 Apple | 1 Safari | 2017-04-28 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution. | |||||
| CVE-2016-1559 | 1 D-link | 6 Dap-1353 H\/w B1, Dap-1353 H\/w B1 Firmware, Dap-2553 H\/w A1 and 3 more | 2017-04-28 | 2.6 LOW | 8.1 HIGH |
| D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. | |||||
| CVE-2013-7463 | 1 Aescrypt Project | 1 Aescrypt | 2017-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack. | |||||
| CVE-2016-4293 | 1 Hancom | 1 Hancom Office 2014 | 2017-04-27 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file. | |||||
| CVE-2015-0104 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2017-04-27 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-6761 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 4.6 MEDIUM | 7.8 HIGH |
| drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321. | |||||
| CVE-2017-8061 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 7.2 HIGH | 7.8 HIGH |
| drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2017-8067 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 7.2 HIGH | 7.8 HIGH |
| drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2017-8066 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 7.2 HIGH | 7.8 HIGH |
| drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2017-8069 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 7.2 HIGH | 7.8 HIGH |
| drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2017-8101 | 1 S9y | 1 Serendipity | 2017-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. | |||||
| CVE-2017-8072 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 7.2 HIGH | 7.8 HIGH |
| The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors. | |||||
| CVE-2015-1521 | 1 Bro | 1 Bro | 2017-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read if NDEBUG; otherwise assertion failure) via a crafted DNP3 packet. | |||||
| CVE-2017-8063 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 7.2 HIGH | 7.8 HIGH |
| drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2017-8068 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 7.2 HIGH | 7.8 HIGH |
| drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2017-8065 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 7.2 HIGH | 7.8 HIGH |
| crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2015-1522 | 1 Bro | 1 Bro | 2017-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read) via a crafted DNP3 packet. | |||||
| CVE-2017-2334 | 1 Juniper | 1 Northstar Controller | 2017-04-27 | 4.3 MEDIUM | 7.5 HIGH |
| An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system. | |||||
| CVE-2016-0721 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2017-04-27 | 4.3 MEDIUM | 8.1 HIGH |
| Session fixation vulnerability in pcsd in pcs before 0.9.157. | |||||
| CVE-2017-8062 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 7.2 HIGH | 7.8 HIGH |
| drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2016-1561 | 1 Exagrid | 16 Ex10000e, Ex10000e Firmware, Ex13000e and 13 more | 2017-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. | |||||
| CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2017-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | |||||
| CVE-2016-9954 | 1 Irregex Project | 1 Irregex | 2017-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern. | |||||
| CVE-2016-5168 | 1 Google | 1 Chrome | 2017-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. | |||||