Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1423 | 1 Cisco | 1 Email Security Appliance | 2017-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047. | |||||
| CVE-2016-5594 | 1 Oracle | 1 Flexcube Universal Banking | 2017-07-29 | 4.0 MEDIUM | 5.0 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to INFRA. | |||||
| CVE-2016-5596 | 1 Oracle | 1 Customer Relationship Management Technical Foundation | 2017-07-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2016-5538 | 1 Oracle | 1 Vm Virtualbox | 2017-07-29 | 7.2 HIGH | 6.7 MEDIUM |
| Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501. | |||||
| CVE-2016-5600 | 1 Oracle | 1 Peoplesoft Enterprise Supply Chain Management Services Procurement | 2017-07-29 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-5602 | 1 Oracle | 1 Data Integrator | 2017-07-29 | 3.5 LOW | 5.7 MEDIUM |
| Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. | |||||
| CVE-2016-5530 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2017-07-29 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-8293. | |||||
| CVE-2016-5603 | 1 Oracle | 1 Flexcube Universal Banking | 2017-07-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5621. | |||||
| CVE-2016-5604 | 1 Oracle | 1 Enterprise Manager Base Platform | 2017-07-29 | 3.3 LOW | 6.3 MEDIUM |
| Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-3563. | |||||
| CVE-2016-3495 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2017-07-29 | 6.8 MEDIUM | 4.9 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | |||||
| CVE-2016-5479 | 1 Oracle | 1 Flexcube Universal Banking | 2017-07-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 allows remote authenticated users to affect confidentiality via vectors related to INFRA. | |||||
| CVE-2016-5502 | 1 Oracle | 1 Flexcube Universal Banking | 2017-07-29 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA. | |||||
| CVE-2016-5505 | 1 Oracle | 1 Database Server | 2017-07-29 | 2.1 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors. | |||||
| CVE-2016-5606 | 1 Oracle | 1 Solaris | 2017-07-29 | 5.6 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones. | |||||
| CVE-2016-5620 | 1 Oracle | 1 Flexcube Universal Banking | 2017-07-29 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA, a different vulnerability than CVE-2016-5619. | |||||
| CVE-2016-5631 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2017-07-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. | |||||
| CVE-2016-5621 | 1 Oracle | 1 Flexcube Universal Banking | 2017-07-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 and 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5603. | |||||
| CVE-2016-5622 | 1 Oracle | 1 Flexcube Universal Banking | 2017-07-29 | 7.8 HIGH | 6.1 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to INFRA. | |||||
| CVE-2016-5628 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2017-07-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML. | |||||
| CVE-2016-5529 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2017-07-29 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5530 and CVE-2016-8293. | |||||
| CVE-2016-5511 | 1 Oracle | 1 Webcenter Sites | 2017-07-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2016-5516 | 1 Oracle | 1 Database Server | 2017-07-29 | 4.7 MEDIUM | 6.0 MEDIUM |
| Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors. | |||||
| CVE-2016-8564 | 1 Siemens | 1 Automation License Manager | 2017-07-29 | 6.4 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410. | |||||
| CVE-2016-3014 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2017-07-29 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-2479 | 1 Cerulean Studios | 1 Trillian | 2017-07-29 | 7.1 HIGH | 5.9 MEDIUM |
| Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker. | |||||
| CVE-2017-11327 | 1 Tilde Cms Project | 1 Tilde Cms | 2017-07-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload. | |||||
| CVE-2017-2241 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2017-07-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". | |||||
| CVE-2017-2240 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2017-07-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". | |||||
| CVE-2017-6755 | 1 Cisco | 1 Prime Collaboration Provisioning | 2017-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1. | |||||
| CVE-2017-11581 | 1 Finecms | 1 Finecms | 2017-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character. | |||||
| CVE-2017-11617 | 1 Atmail | 1 Atmail | 2017-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes. | |||||
| CVE-2017-1287 | 1 Ibm | 1 Rhapsody Design Manager | 2017-07-28 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
| CVE-2017-1249 | 1 Ibm | 1 Rhapsody Design Manager | 2017-07-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-11586 | 1 Finecms | 1 Finecms | 2017-07-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php. | |||||
| CVE-2017-11530 | 1 Imagemagick | 1 Imagemagick | 2017-07-28 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||||
| CVE-2017-11527 | 1 Imagemagick | 1 Imagemagick | 2017-07-28 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||||
| CVE-2017-11526 | 1 Imagemagick | 1 Imagemagick | 2017-07-28 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file. | |||||
| CVE-2016-9373 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2017-07-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings. | |||||
| CVE-2016-9375 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2017-07-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. | |||||
| CVE-2016-9384 | 1 Xen | 1 Xen | 2017-07-28 | 2.1 LOW | 6.5 MEDIUM |
| Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table. | |||||
| CVE-2016-9378 | 1 Xen | 1 Xen | 2017-07-28 | 2.1 LOW | 5.5 MEDIUM |
| Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery. | |||||
| CVE-2016-9284 | 1 Exponentcms | 1 Exponent Cms | 2017-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. | |||||
| CVE-2016-9376 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2017-07-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. | |||||
| CVE-2016-6462 | 1 Cisco | 1 Email Security Appliance Firmware | 2017-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCva13456. Known Affected Releases: 10.0.0-082 10.0.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131. | |||||
| CVE-2016-9374 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2017-07-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable. | |||||
| CVE-2016-9818 | 1 Xen | 1 Xen | 2017-07-28 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP. | |||||
| CVE-2016-9372 | 1 Wireshark | 1 Wireshark | 2017-07-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. | |||||
| CVE-2016-2939 | 1 Ibm | 2 Domino, Inotes | 2017-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2015-8796 | 1 Apache | 1 Solr | 2017-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL. | |||||
| CVE-2016-2926 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2017-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
