Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-4011 | 1 Mcafee | 1 Network Data Loss Prevention | 2017-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request. | |||||
| CVE-2017-3126 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2017-07-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | |||||
| CVE-2017-2511 | 1 Apple | 1 Safari | 2017-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | |||||
| CVE-2017-6656 | 1 Cisco | 1 Ip Phone 8800 Series | 2017-07-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting. All active phone calls are dropped as the SIP process restarts. More Information: CSCvc29353. Known Affected Releases: 11.0(0.1). Known Fixed Releases: 11.0(0)MP2.153 11.0(0)MP2.62. | |||||
| CVE-2017-6654 | 1 Cisco | 1 Unified Communications Manager | 2017-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc06608. | |||||
| CVE-2017-9502 | 1 Haxx | 1 Curl | 2017-07-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string "file://"). | |||||
| CVE-2017-3894 | 1 Blackberry | 2 Enterprise Service, Unified Endpoint Manager | 2017-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console. | |||||
| CVE-2017-4013 | 1 Mcafee | 1 Network Data Loss Prevention | 2017-07-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header. | |||||
| CVE-2017-2497 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book. | |||||
| CVE-2017-4978 | 1 Rsa | 1 Adaptive Authentication \(on Premise\) | 2017-07-08 | 3.5 LOW | 5.4 MEDIUM |
| EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-2495 | 1 Apple | 2 Iphone Os, Safari | 2017-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (application crash) via a crafted web site that improperly interacts with the history menu. | |||||
| CVE-2017-4986 | 1 Emc | 1 Secure Remote Services | 2017-07-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-6668 | 1 Cisco | 1 Unified Communications Domain Manager | 2017-07-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1. | |||||
| CVE-2017-6636 | 1 Cisco | 1 Prime Collaboration Provisioning | 2017-07-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to view any file on the system. Cisco Bug IDs: CSCvc99604. | |||||
| CVE-2017-2500 | 1 Apple | 1 Safari | 2017-07-08 | 4.3 MEDIUM | 4.7 MEDIUM |
| An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | |||||
| CVE-2017-6988 | 1 Apple | 1 Mac Os X | 2017-07-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes. | |||||
| CVE-2017-7620 | 1 Mantisbt | 1 Mantisbt | 2017-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI. | |||||
| CVE-2017-4016 | 1 Mcafee | 1 Network Data Loss Prevention | 2017-07-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header. | |||||
| CVE-2017-4015 | 1 Mcafee | 1 Network Data Loss Prevention | 2017-07-08 | 3.5 LOW | 4.5 MEDIUM |
| Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header. | |||||
| CVE-2017-6661 | 1 Cisco | 2 Content Security Management Appliance, Email Security Appliance | 2017-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049. | |||||
| CVE-2017-4017 | 1 Mcafee | 1 Network Data Loss Prevention | 2017-07-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface. | |||||
| CVE-2017-8242 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. | |||||
| CVE-2017-8360 | 3 Conexant, Hp, Microsoft | 29 Mictray64, Elite X2 1012 G1, Elitebook 1030 G1 and 26 more | 2017-07-08 | 2.1 LOW | 5.5 MEDIUM |
| Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process. | |||||
| CVE-2017-7366 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters. | |||||
| CVE-2017-6670 | 1 Cisco | 1 Unified Communications Domain Manager | 2017-07-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1. | |||||
| CVE-2017-7907 | 1 Schneider-electric | 1 Wonderware Historian Client | 2017-07-08 | 3.3 LOW | 6.6 MEDIUM |
| An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network. | |||||
| CVE-2017-1325 | 1 Ibm | 1 Inotes | 2017-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976. | |||||
| CVE-2017-0231 | 1 Microsoft | 2 Edge, Internet Explorer | 2017-07-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability." | |||||
| CVE-2016-10337 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed. | |||||
| CVE-2016-10336 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. | |||||
| CVE-2017-1102 | 1 Ibm | 1 Rational Quality Manager | 2017-07-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663. | |||||
| CVE-2017-1101 | 1 Ibm | 1 Rational Quality Manager | 2017-07-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662. | |||||
| CVE-2015-9024 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications. | |||||
| CVE-2017-0297 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2017-07-08 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300. | |||||
| CVE-2017-0650 | 1 Linux | 1 Linux Kernel | 2017-07-08 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278. | |||||
| CVE-2015-9021 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. | |||||
| CVE-2017-1100 | 1 Ibm | 1 Rational Quality Manager | 2017-07-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661. | |||||
| CVE-2017-0651 | 1 Linux | 1 Linux Kernel | 2017-07-08 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815. | |||||
| CVE-2017-0190 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2017-07-08 | 2.1 LOW | 4.4 MEDIUM |
| The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability." | |||||
| CVE-2017-10706 | 1 Antiy | 1 Antivirus Engine | 2017-07-07 | 2.1 LOW | 6.2 MEDIUM |
| When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used. | |||||
| CVE-2017-7316 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2017-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page. | |||||
| CVE-2017-6719 | 1 Cisco | 1 Ios Xr | 2017-07-07 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. More Information: CSCvb99406. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.1.28i.BASE 6.2.1.22i.BASE 6.1.32.8i.BASE 6.1.31.3i.BASE 6.1.3.10i.BASE. | |||||
| CVE-2017-6718 | 1 Cisco | 1 Ios Xr | 2017-07-07 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT. | |||||
| CVE-2017-6717 | 1 Cisco | 1 Firepower Management Center | 2017-07-07 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1. | |||||
| CVE-2017-6715 | 1 Cisco | 1 Firepower Management Center | 2017-07-07 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More Information: CSCuy88951. Known Affected Releases: 5.4.1.6. | |||||
| CVE-2017-6716 | 1 Cisco | 1 Firepower Management Center | 2017-07-07 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products: Cisco Firepower Management Center Software Releases prior to 6.0.0.0. More Information: CSCuy88785. Known Affected Releases: 5.4.1.6. | |||||
| CVE-2017-6706 | 1 Cisco | 1 Prime Collaboration Provisioning | 2017-07-07 | 3.6 LOW | 5.1 MEDIUM |
| A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1. | |||||
| CVE-2017-6705 | 1 Cisco | 1 Prime Collaboration Provisioning | 2017-07-07 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1. | |||||
| CVE-2017-6704 | 1 Cisco | 1 Prime Collaboration Provisioning | 2017-07-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1. | |||||
| CVE-2017-6703 | 1 Cisco | 1 Prime Collaboration Provisioning | 2017-07-07 | 4.0 MEDIUM | 5.9 MEDIUM |
| A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1. | |||||
