Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15333 | 1 Huawei | 14 Ecns210 Td, Ecns210 Td Firmware, S12700 and 11 more | 2018-02-27 | 4.3 MEDIUM | 4.7 MEDIUM |
| XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks. | |||||
| CVE-2018-2383 | 1 Sap | 1 Internet Graphics Server | 2018-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | |||||
| CVE-2018-2388 | 1 Sap | 1 Internet Graphics Server | 2018-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | |||||
| CVE-2016-2540 | 1 Audacityteam | 1 Audacity | 2018-02-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure. | |||||
| CVE-2017-1000506 | 1 Mautic | 1 Mautic | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code. | |||||
| CVE-2017-1000510 | 1 Croogo | 1 Croogo | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code. | |||||
| CVE-2017-1000509 | 1 Dolibarr | 1 Dolibarr | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. | |||||
| CVE-2017-1000508 | 1 Invoiceplane | 1 Invoiceplane | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of javascript code . This vulnerability appears to have been fixed in 1.5.5 and later. | |||||
| CVE-2015-4461 | 1 Efrontlearning | 1 Efront | 2018-02-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter. | |||||
| CVE-2016-2541 | 1 Audacityteam | 1 Audacity | 2018-02-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file. | |||||
| CVE-2017-1000507 | 1 Cnvs | 1 Canvas | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of javascript code. | |||||
| CVE-2018-6796 | 1 Multilanguage Real Estate Mlm Script Project | 1 Multilanguage Real Estate Mlm Script | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field. | |||||
| CVE-2018-6655 | 1 Doctor Search Script Project | 1 Doctor Search Script | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field. | |||||
| CVE-2017-1761 | 1 Ibm | 1 Websphere Portal | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005. | |||||
| CVE-2018-1382 | 1 Ibm | 1 Api Connect | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079. | |||||
| CVE-2018-6864 | 1 Multireligion Responsive Matrimonial Project | 1 Multireligion Responsive Matrimonial | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter. | |||||
| CVE-2018-6862 | 1 Bitcoin Mlm Project | 1 Bitcoin Mlm | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field. | |||||
| CVE-2017-1785 | 1 Ibm | 1 Api Connect | 2018-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859. | |||||
| CVE-2018-1401 | 1 Ibm | 1 Websphere Portal | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437. | |||||
| CVE-2018-6844 | 1 Mybb | 1 Mybb | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. | |||||
| CVE-2018-6834 | 1 Etherpad | 1 Etherpad Lite | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href. | |||||
| CVE-2015-2329 | 1 Woocommerce | 1 Woocommerce | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. | |||||
| CVE-2015-3618 | 1 Nagios | 1 Business Process Intelligence | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php. | |||||
| CVE-2015-3619 | 1 Virtuemart | 1 Virtuemart | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_name and company." | |||||
| CVE-2013-4317 | 1 Apache | 1 Cloudstack | 2018-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own. | |||||
| CVE-2017-17166 | 1 Huawei | 12 Dp300, Dp300 Firmware, Secospace Usg6300 and 9 more | 2018-02-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted. | |||||
| CVE-2017-17163 | 1 Huawei | 2 Secospace Usg6600, Secospace Usg6600 Firmware | 2018-02-26 | 2.1 LOW | 5.5 MEDIUM |
| Huawei Secospace USG6600 V500R001C30SPC100 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by executing some commands. The attacker can exploit this vulnerability to cause a denial of service. | |||||
| CVE-2017-17152 | 1 Huawei | 16 Ips Module, Ips Module Firmware, Ngfw Module and 13 more | 2018-02-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds write vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory write, which may further lead to system exceptions. | |||||
| CVE-2017-15351 | 1 Huawei | 2 Honor V9 Play, Honor V9 Play Firmware | 2018-02-26 | 7.2 HIGH | 6.8 MEDIUM |
| The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. | |||||
| CVE-2017-17288 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. An unauthenticated, remote attacker may send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause integer overflow and some process abnormal. | |||||
| CVE-2017-17185 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a out-of-bounds read vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could make the device access invalid memory and might reset a process. | |||||
| CVE-2017-17184 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could cause an integer overflow and might reset a process. | |||||
| CVE-2017-17183 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could cause an integer overflow and might reset a process. | |||||
| CVE-2017-15347 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Firmware | 2018-02-26 | 7.1 HIGH | 5.5 MEDIUM |
| Huawei Mate 9 Pro mobile phones with software of versions earlier than LON-AL00BC00B235 have a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can riggers access memory after free it. A local attacker may exploit this vulnerability to cause the mobile phone to crash. | |||||
| CVE-2017-17186 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-26 | 5.5 MEDIUM | 5.4 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a DoS vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could make some data overwritten, leak device memory and potentially reset a process. | |||||
| CVE-2017-17187 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could cause an integer overflow and might reset a process. | |||||
| CVE-2017-12560 | 1 Hp | 1 Intelligent Management Center | 2018-02-25 | 6.8 MEDIUM | 6.5 MEDIUM |
| A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | |||||
| CVE-2017-12559 | 1 Hp | 1 Intelligent Management Center | 2018-02-25 | 6.8 MEDIUM | 6.5 MEDIUM |
| A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | |||||
| CVE-2018-6374 | 1 Pulsesecure | 1 Desktop Linux Client | 2018-02-24 | 6.4 MEDIUM | 6.5 MEDIUM |
| The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set. | |||||
| CVE-2017-15346 | 1 Huawei | 14 Ecns210 Td, Ecns210 Td Firmware, S12700 and 11 more | 2018-02-24 | 4.3 MEDIUM | 4.7 MEDIUM |
| XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks. | |||||
| CVE-2017-15350 | 1 Huawei | 38 Dp300, Dp300 Firmware, Ips Module and 35 more | 2018-02-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Common Open Policy Service Protocol (COPS) module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10,SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3206 V100R002C00, V100R002C10,USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50 haa a buffer overflow vulnerability. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted message to the affected products. The vulnerability is due to insufficient input validation of the message, which could result in a buffer overflow. Successful exploit may cause some services abnormal. | |||||
| CVE-2017-18037 | 1 Atlassian | 1 Bitbucket | 2018-02-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag. | |||||
| CVE-2016-10259 | 1 Bluecoat | 8 Ssl Visibility Appliance Sv1800, Ssl Visibility Appliance Sv1800 Firmware, Ssl Visibility Appliance Sv2800 and 5 more | 2018-02-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connection pool of an SSL server. | |||||
| CVE-2017-17182 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a out-of-bounds read vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could make the device access invalid memory and might reset a process. | |||||
| CVE-2018-6291 | 1 Kaspersky | 1 Secure Mail Gateway | 2018-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. | |||||
| CVE-2011-2902 | 2 Debian, Glyphandcog | 2 Debian Linux, Xpdf | 2018-02-23 | 6.4 MEDIUM | 5.3 MEDIUM |
| zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name. | |||||
| CVE-2017-5124 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. | |||||
| CVE-2017-15395 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. | |||||
| CVE-2017-15394 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension. | |||||
| CVE-2017-15392 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration. | |||||