Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2145 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2017-10-11 | 3.5 LOW | 4.8 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2015-2148 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2017-10-11 | 3.5 LOW | 4.8 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2015-8251 | 1 Unify | 21 Openscape Desk Phone Ip 35g Eco Hfa, Openscape Desk Phone Ip 35g Eco Sip, Openscape Desk Phone Ip 35g Eco Sip Firmware and 18 more | 2017-10-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys. | |||||
| CVE-2017-1345 | 1 Ibm | 1 Insights Foundation For Energy | 2017-10-11 | 3.5 LOW | 5.4 MEDIUM |
| IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126460. | |||||
| CVE-2017-15025 | 1 Gnu | 1 Binutils | 2017-10-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. | |||||
| CVE-2017-15022 | 1 Gnu | 1 Binutils | 2017-10-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. | |||||
| CVE-2017-14981 | 1 Atutor | 1 Atutor | 2017-10-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website. | |||||
| CVE-2014-0043 | 1 Apache | 1 Wicket | 2017-10-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use. | |||||
| CVE-2017-14770 | 1 Skyboxsecurity | 1 Skybox Manager Client Application | 2017-10-11 | 2.1 LOW | 5.5 MEDIUM |
| Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process. | |||||
| CVE-2017-14771 | 1 Skyboxsecurity | 1 Skybox Manager Client Application | 2017-10-11 | 3.6 LOW | 5.5 MEDIUM |
| Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application. | |||||
| CVE-2015-7357 | 1 Udesign Project | 1 Udesign | 2017-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>. | |||||
| CVE-2017-14620 | 1 Smartertools | 1 Smarterstats | 2017-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | |||||
| CVE-2017-14582 | 1 Zohocorp | 1 Site24x7 Mobile Network Poller | 2017-10-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate. | |||||
| CVE-2017-1364 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126857. | |||||
| CVE-2017-1359 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126686. | |||||
| CVE-2017-1335 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126243. | |||||
| CVE-2017-1429 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127587. | |||||
| CVE-2017-1369 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126862. | |||||
| CVE-2017-1334 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126242. | |||||
| CVE-2017-1324 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125975. | |||||
| CVE-2015-3248 | 1 Openhpi | 1 Openhpi | 2017-10-10 | 4.7 MEDIUM | 4.7 MEDIUM |
| openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption). | |||||
| CVE-2015-5069 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2017-10-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. | |||||
| CVE-2015-0874 | 3 Apple, Google, Okb | 3 Iphone Os, Android, Smart Passbook | 2017-10-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. | |||||
| CVE-2015-7846 | 1 Huawei | 14 Ar1200, Ar1200 Firmware, Ar200 and 11 more | 2017-10-10 | 2.1 LOW | 4.6 MEDIUM |
| Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. | |||||
| CVE-2017-14775 | 1 Laravel | 1 Laravel | 2017-10-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. | |||||
| CVE-2015-1027 | 1 Percona | 2 Toolkit, Xtrabackup | 2017-10-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL. | |||||
| CVE-2017-14622 | 1 2kblater | 1 2kb Amazon Affiliates Store | 2017-10-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php. | |||||
| CVE-2017-1000035 | 1 Tt-rss | 1 Tiny Tiny Rss | 2017-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack | |||||
| CVE-2017-14352 | 1 Hp | 1 Ucmdb Configuration Manager | 2017-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. | |||||
| CVE-2017-9794 | 1 Apache | 1 Geode | 2017-10-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view. | |||||
| CVE-2017-1591 | 1 Ibm | 1 Datapower Gateway | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368. | |||||
| CVE-2014-8878 | 1 Kde | 1 Kmail | 2017-10-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-9686 | 1 Mapsplugin | 1 Googlemaps | 2017-10-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7428. | |||||
| CVE-2011-4667 | 1 Cisco | 2 Ios, Nx-os | 2017-10-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions. | |||||
| CVE-2015-7349 | 1 Vasco | 1 Digipass | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter. | |||||
| CVE-2015-1526 | 1 Google | 1 Android | 2017-10-06 | 7.1 HIGH | 5.5 MEDIUM |
| The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. | |||||
| CVE-2015-7317 | 2 Kupu Project, Plone | 2 Kupu, Plone | 2017-10-06 | 4.9 MEDIUM | 6.8 MEDIUM |
| Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings. | |||||
| CVE-2015-5181 | 1 Redhat | 1 Jboss A-mq | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
| The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | |||||
| CVE-2017-14941 | 1 Jaspersoft | 1 Jasperreports | 2017-10-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector. | |||||
| CVE-2015-6592 | 1 Huawei | 2 Uap2105, Uap2105 Firmware | 2017-10-06 | 7.2 HIGH | 6.8 MEDIUM |
| Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. | |||||
| CVE-2017-14957 | 1 Blogotext Project | 1 Blogotext | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog. | |||||
| CVE-2015-5613 | 1 Octobercms | 1 October | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612. | |||||
| CVE-2017-14525 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2017-10-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | |||||
| CVE-2017-14524 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2017-10-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | |||||
| CVE-2017-10701 | 1 Sap | 1 Enterprise Portal | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. | |||||
| CVE-2017-14751 | 1 Intensewp | 1 Wp Jobs | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. | |||||
| CVE-2015-7785 | 1 Comicsmart | 1 Ganma\! | 2017-10-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| GANMA! App for iOS does not verify SSL certificates. | |||||
| CVE-2015-5666 | 1 Ana | 1 All Nippon Airways | 2017-10-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. | |||||
| CVE-2017-14744 | 1 Baidu | 1 Ueditor | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | |||||
| CVE-2015-8375 | 1 Php-fusion | 1 Php-fusion | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. | |||||