Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2546 1 Linux 1 Linux Kernel 2017-09-07 4.7 MEDIUM 5.1 MEDIUM
sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
CVE-2016-0354 1 Ibm 1 Sametime 2017-09-07 6.0 MEDIUM 5.5 MEDIUM
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893.
CVE-2016-2547 1 Linux 1 Linux Kernel 2017-09-07 4.7 MEDIUM 5.1 MEDIUM
sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
CVE-2016-2973 1 Ibm 1 Sametime 2017-09-07 3.5 LOW 5.4 MEDIUM
IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899.
CVE-2016-2979 1 Ibm 1 Sametime 2017-09-07 3.5 LOW 5.4 MEDIUM
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945.
CVE-2016-2969 1 Ibm 1 Sametime 2017-09-07 4.0 MEDIUM 4.3 MEDIUM
IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850.
CVE-2016-2965 1 Ibm 1 Sametime 2017-09-07 4.3 MEDIUM 6.5 MEDIUM
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846.
CVE-2016-2977 1 Ibm 1 Sametime 2017-09-07 4.0 MEDIUM 4.3 MEDIUM
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937.
CVE-2016-2959 1 Ibm 1 Sametime 2017-09-07 4.0 MEDIUM 4.3 MEDIUM
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID: 113804.
CVE-2016-2971 1 Ibm 1 Sametime 2017-09-07 5.0 MEDIUM 5.3 MEDIUM
IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898.
CVE-2014-8677 1 Soplanning 1 Soplanning 2017-09-06 3.5 LOW 5.3 MEDIUM
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name.
CVE-2014-8753 1 Cit-e-net 1 Cit-e-access 2017-09-06 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6.
CVE-2016-10508 1 Phpthumb Project 1 Phpthumb 2017-09-06 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php.
CVE-2017-12797 1 Mpg123 1 Mpg123 2017-09-06 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
CVE-2015-3211 1 Php-fpm 1 Php-fpm 2017-09-06 2.1 LOW 5.5 MEDIUM
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
CVE-2016-1895 1 Netapp 1 Data Ontap 2017-09-06 4.0 MEDIUM 6.5 MEDIUM
NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling.
CVE-2015-3976 1 Ge 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more 2017-09-06 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.
CVE-2017-12871 1 Simplesamlphp 1 Simplesamlphp 2017-09-06 4.3 MEDIUM 5.9 MEDIUM
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV).
CVE-2017-12870 1 Simplesamlphp 1 Simplesamlphp 2017-09-06 4.3 MEDIUM 5.9 MEDIUM
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers.
CVE-2017-12952 1 Libgig0 1 Libgig 2017-09-06 4.3 MEDIUM 6.5 MEDIUM
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12954 1 Libgig0 1 Libgig 2017-09-06 4.3 MEDIUM 6.5 MEDIUM
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
CVE-2017-12953 1 Libgig0 1 Libgig 2017-09-06 4.3 MEDIUM 6.5 MEDIUM
The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
CVE-2017-12984 1 Phpmywind 1 Phpmywind 2017-09-06 4.3 MEDIUM 6.1 MEDIUM
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.
CVE-2016-9111 1 Citrix 1 Receiver Desktop 2017-09-06 4.6 MEDIUM 6.8 MEDIUM
Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us."
CVE-2017-3155 1 Apache 1 Atlas 2017-09-06 4.3 MEDIUM 6.1 MEDIUM
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
CVE-2017-13671 1 Misp 1 Misp 2017-09-05 4.3 MEDIUM 6.1 MEDIUM
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.
CVE-2016-0713 1 Cloudfoundry 1 Cf-release 2017-09-05 2.6 LOW 4.7 MEDIUM
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.
CVE-2017-7855 1 Icewarp 1 Server 2017-09-05 4.3 MEDIUM 6.1 MEDIUM
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.
CVE-2014-8163 1 Redhat 1 Satellite 2017-09-05 5.5 MEDIUM 6.5 MEDIUM
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.
CVE-2014-8676 1 Soplanning 1 Soplanning 2017-09-05 5.0 MEDIUM 5.3 MEDIUM
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
CVE-2017-14070 1 Nexusphp 1 Nexusphp 2017-09-05 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF.
CVE-2014-8168 1 Redhat 1 Satellite 2017-09-04 4.6 MEDIUM 6.1 MEDIUM
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
CVE-2016-2970 1 Ibm 1 Sametime 2017-09-04 4.0 MEDIUM 4.3 MEDIUM
IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851.
CVE-2017-1445 1 Ibm 1 Emptoris Spend Analysis 2017-09-04 3.5 LOW 5.4 MEDIUM
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170.
CVE-2017-1447 1 Ibm 1 Emptoris Sourcing 2017-09-04 3.5 LOW 5.4 MEDIUM
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172.
CVE-2017-1444 1 Ibm 1 Emptoris Sourcing 2017-09-04 3.5 LOW 5.4 MEDIUM
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110.
CVE-2017-1449 1 Ibm 1 Emptoris Sourcing 2017-09-04 4.9 MEDIUM 5.4 MEDIUM
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174.
CVE-2017-1450 1 Ibm 1 Emptoris Sourcing 2017-09-04 5.8 MEDIUM 6.1 MEDIUM
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177.
CVE-2016-0358 1 Ibm 1 Sametime 2017-09-03 4.0 MEDIUM 4.3 MEDIUM
IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928.
CVE-2016-1609 1 Novell 1 Filr 2017-09-03 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.
CVE-2016-0243 1 Ibm 1 Websphere Portal 2017-09-03 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244.
CVE-2016-6435 1 Cisco 1 Firepower Management Center 2017-09-03 4.0 MEDIUM 6.5 MEDIUM
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.
CVE-2016-6505 1 Wireshark 1 Wireshark 2017-09-03 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
CVE-2016-7851 1 Adobe 1 Connect 2017-09-03 4.3 MEDIUM 6.1 MEDIUM
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
CVE-2016-5304 1 Symantec 1 Endpoint Protection Manager 2017-09-03 4.9 MEDIUM 6.8 MEDIUM
Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-3689 3 Canonical, Linux, Novell 9 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 6 more 2017-09-03 4.9 MEDIUM 4.6 MEDIUM
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
CVE-2016-3652 1 Symantec 1 Endpoint Protection Manager 2017-09-03 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3619 1 Libtiff 1 Libtiff 2017-09-03 4.3 MEDIUM 6.5 MEDIUM
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
CVE-2016-8019 1 Mcafee 1 Virusscan Enterprise 2017-09-03 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.
CVE-2016-8018 1 Mcafee 1 Virusscan Enterprise 2017-09-03 6.0 MEDIUM 4.3 MEDIUM
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.