Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7646 | 1 Solarwinds | 1 Log \& Event Manager | 2017-04-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | |||||
| CVE-2017-5672 | 1 Kony | 1 Enterprise Mobile Management | 2017-04-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request. | |||||
| CVE-2014-8716 | 1 Imagemagick | 1 Imagemagick | 2017-04-17 | 2.1 LOW | 6.2 MEDIUM |
| The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash). | |||||
| CVE-2014-8562 | 1 Imagemagick | 1 Imagemagick | 2017-04-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). | |||||
| CVE-2016-5055 | 1 Osram | 1 Lightify Pro | 2017-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page. | |||||
| CVE-2016-5059 | 1 Osram | 1 Lightify Pro | 2017-04-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application. | |||||
| CVE-2016-5642 | 1 Opmantek | 1 Network Management Information System | 2017-04-14 | 3.5 LOW | 5.4 MEDIUM |
| Opmantek NMIS before 8.5.12G has XSS via SNMP. | |||||
| CVE-2016-5077 | 1 Netikus | 1 Eventsentry | 2017-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Netikus EventSentry before 3.2.1.44 has XSS via SNMP. | |||||
| CVE-2015-6021 | 1 Spiceworks | 1 Desktop | 2017-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. | |||||
| CVE-2015-2883 | 1 Philips | 1 In.sight B120\\37 | 2017-04-14 | 3.5 LOW | 5.4 MEDIUM |
| Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. | |||||
| CVE-2016-1517 | 1 Opencv | 1 Opencv | 2017-04-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks. | |||||
| CVE-2017-3889 | 1 Cisco | 1 Registered Envelope Service | 2017-04-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015. | |||||
| CVE-2015-7275 | 1 Dell | 4 Integrated Remote Access Controller 6, Integrated Remote Access Controller 7, Integrated Remote Access Controller 8 and 1 more | 2017-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. | |||||
| CVE-2016-5075 | 1 Cloudviewnms | 1 Cloudview Nms | 2017-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| CloudView NMS before 2.10a has XSS via a TELNET login. | |||||
| CVE-2016-5073 | 1 Cloudviewnms | 1 Cloudview Nms | 2017-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| CloudView NMS before 2.10a has XSS via SNMP. | |||||
| CVE-2017-6435 | 1 Libplist Project | 1 Libplist | 2017-04-14 | 1.9 LOW | 5.0 MEDIUM |
| The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file. | |||||
| CVE-2015-8275 | 1 Eparaksts | 2 Edoc-libraries, Eparakstitajs 3 | 2017-04-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files. | |||||
| CVE-2015-8276 | 1 Eparaksts | 2 Edoc-libraries, Eparakstitajs 3 | 2017-04-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files. | |||||
| CVE-2015-6035 | 1 Opsview | 1 Opsview | 2017-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Opsview before 2015-11-06 has XSS via SNMP. | |||||
| CVE-2017-7589 | 1 Openidm Project | 1 Openidm | 2017-04-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js. | |||||
| CVE-2017-7591 | 1 Openidm Project | 1 Openidm | 2017-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. | |||||
| CVE-2016-9197 | 1 Cisco | 1 Mobility Services Engine | 2017-04-13 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0). | |||||
| CVE-2016-6805 | 1 Apache | 1 Ignite | 2017-04-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents. | |||||
| CVE-2017-7579 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | |||||
| CVE-2016-10319 | 1 Arm Trusted Firmware Project | 1 Arm Trusted Firmware | 2017-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code. | |||||
| CVE-2015-4673 | 1 Clip-bucket | 1 Clipbucket | 2017-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php. | |||||
| CVE-2016-1000307 | 1 Clip-bucket | 1 Clipbucket | 2017-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to WebsiteConfigurations Section. NOTE: the collection_description vector is already covered by CVE-2015-4673. | |||||
| CVE-2017-7443 | 2 Apt-cacher-ng Project, Apt-cacher Project | 2 Apt-cacher-ng, Apt-cacher | 2017-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression. | |||||
| CVE-2017-7448 | 1 Dropbox | 1 Lepton | 2017-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image. | |||||
| CVE-2015-9019 | 1 Xmlsoft | 1 Libxslt | 2017-04-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. | |||||
| CVE-2017-6340 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2017-04-11 | 3.5 LOW | 5.4 MEDIUM |
| Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that allows any authenticated, remote user (even with low privileges like 'Auditor') to create or modify reports, and consequently take advantage of this XSS vulnerability. The JavaScript is executed when victims visit reports or auditlog pages. | |||||
| CVE-2016-10318 | 1 Linux | 1 Linux Kernel | 2017-04-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service. | |||||
| CVE-2017-0888 | 1 Nextcloud | 1 Nextcloud | 2017-04-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information. | |||||
| CVE-2016-8790 | 1 Huawei | 10 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 7 more | 2017-04-11 | 5.5 MEDIUM | 5.7 MEDIUM |
| Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could allow the attacker to exploit a buffer overflow vulnerability by sending crafted packets to the affected system to cause a main control board reboot. | |||||
| CVE-2017-5950 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2017-04-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | |||||
| CVE-2016-8774 | 1 Huawei | 8 Mate 8, Mate 8 Firmware, Mate S and 5 more | 2017-04-11 | 7.2 HIGH | 6.7 MEDIUM |
| The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366; and P9 phones with software Versions before EVA-AL10C00B190, Versions before EVA-DL10C00B190, Versions before EVA-TL10C00B190, Versions before EVA-CL10C00B190 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. | |||||
| CVE-2015-7847 | 1 Huawei | 2 E3272s, E3272s Firmware | 2017-04-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack. | |||||
| CVE-2016-10316 | 1 Jensenofscandinavia | 6 Al3g, Al3g Firmware, Al5000ac and 3 more | 2017-04-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to /goform/formLogout. | |||||
| CVE-2017-7380 | 1 Podofo Project | 1 Podofo | 2017-04-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||||
| CVE-2017-7383 | 1 Podofo Project | 1 Podofo | 2017-04-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||||
| CVE-2016-10218 | 1 Artifex | 1 Ghostscript | 2017-04-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | |||||
| CVE-2017-7382 | 1 Podofo Project | 1 Podofo | 2017-04-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||||
| CVE-2016-8776 | 1 Huawei | 4 P9, P9 Firmware, P9 Lite and 1 more | 2017-04-10 | 2.1 LOW | 4.6 MEDIUM |
| Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account. | |||||
| CVE-2014-8570 | 1 Huawei | 52 5300hi, 5300hi Firmware, 5310ei and 49 more | 2017-04-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping. | |||||
| CVE-2016-10315 | 1 Jensenofscandinavia | 6 Al3g, Al3g Firmware, Al5000ac and 3 more | 2017-04-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/* pages. | |||||
| CVE-2016-10217 | 1 Artifex | 1 Ghostscript | 2017-04-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module. | |||||
| CVE-2016-5061 | 1 Aternity | 1 Aternity | 2017-04-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) getExternalURL, or (4) retrieveTrustedUrl page. | |||||
| CVE-2016-7154 | 1 Xen | 1 Xen | 2017-04-10 | 7.2 HIGH | 6.7 MEDIUM |
| Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number. | |||||
| CVE-2016-0242 | 1 Ibm | 1 Security Guardium | 2017-04-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message. | |||||
| CVE-2017-7215 | 1 Misp Project | 1 Misp | 2017-04-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML. | |||||