Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1675 | 1 Linux | 1 Util-linux | 2018-01-10 | 3.3 LOW | N/A |
| mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | |||||
| CVE-2011-1677 | 1 Linux | 1 Util-linux | 2018-01-10 | 4.6 MEDIUM | N/A |
| mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. | |||||
| CVE-2011-1777 | 1 Freebsd | 1 Libarchive | 2018-01-10 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image. | |||||
| CVE-2011-1778 | 1 Freebsd | 1 Libarchive | 2018-01-10 | 6.8 MEDIUM | N/A |
| Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive. | |||||
| CVE-2011-4816 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2018-01-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-4817 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2018-01-10 | 4.0 MEDIUM | N/A |
| The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account. | |||||
| CVE-2011-4818 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2018-01-10 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component. | |||||
| CVE-2011-4819 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2018-01-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/. | |||||
| CVE-2012-0036 | 1 Curl | 2 Curl, Libcurl | 2018-01-10 | 7.5 HIGH | N/A |
| curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. | |||||
| CVE-2012-0195 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2018-01-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name. | |||||
| CVE-2012-0452 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-01-10 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding. | |||||
| CVE-2012-0774 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-01-10 | 10.0 HIGH | N/A |
| Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font. | |||||
| CVE-2012-0775 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-01-10 | 10.0 HIGH | N/A |
| The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2012-0777 | 3 Adobe, Apple, Linux | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2018-01-10 | 7.5 HIGH | N/A |
| The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2012-0884 | 1 Openssl | 1 Openssl | 2018-01-10 | 5.0 MEDIUM | N/A |
| The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. | |||||
| CVE-2012-1796 | 4 Hp, Ibm, Linux and 1 more | 5 Hp-ux, Aix, Db2 and 2 more | 2018-01-10 | 7.2 HIGH | N/A |
| Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. | |||||
| CVE-2012-1797 | 1 Ibm | 1 Db2 | 2018-01-10 | 10.0 HIGH | N/A |
| IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. | |||||
| CVE-2012-1837 | 1 Ibm | 1 Tivoli Endpoint Manager | 2018-01-10 | 5.0 MEDIUM | N/A |
| The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2012-1838 | 1 Lg-nortel | 1 Elo Gs24m Switch | 2018-01-10 | 5.0 MEDIUM | N/A |
| The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page. | |||||
| CVE-2012-1840 | 1 Ajaxplorer | 1 Ajaxplorer | 2018-01-10 | 7.5 HIGH | N/A |
| AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash. | |||||
| CVE-2012-1841 | 2 Dell, Quantum | 7 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 4 more | 2018-01-10 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter. | |||||
| CVE-2012-1842 | 2 Dell, Quantum | 7 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 4 more | 2018-01-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1843 | 2 Dell, Quantum | 7 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 4 more | 2018-01-10 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability." | |||||
| CVE-2012-1844 | 3 Dell, Ibm, Quantum | 9 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 6 more | 2018-01-10 | 7.5 HIGH | N/A |
| The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors. | |||||
| CVE-2015-7224 | 1 Puppet | 1 Puppetlabs-mysql | 2018-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask. | |||||
| CVE-2017-6140 | 1 F5 | 19 Big-ip 2000s, Big-ip 2200s, Big-ip 4000s and 16 more | 2018-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services. | |||||
| CVE-2017-17692 | 1 Samsung | 1 Internet Browser | 2018-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property. | |||||
| CVE-2017-10907 | 1 Spiqe | 1 Onethird Cms Show Off | 2018-01-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-17988 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. | |||||
| CVE-2017-10909 | 1 Sony | 1 Music Center | 2018-01-09 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-17983 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 6.5 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. | |||||
| CVE-2017-17984 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. | |||||
| CVE-2017-17985 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. | |||||
| CVE-2017-17986 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | |||||
| CVE-2017-17987 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 6.5 MEDIUM | 7.2 HIGH |
| PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | |||||
| CVE-2017-17873 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2018-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. | |||||
| CVE-2017-17982 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 6.0 MEDIUM | 6.8 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. | |||||
| CVE-2017-17941 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2018-01-09 | 6.5 MEDIUM | 7.2 HIGH |
| PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | |||||
| CVE-2017-17981 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. | |||||
| CVE-2017-17940 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2018-01-09 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. | |||||
| CVE-2017-17938 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2018-01-09 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. | |||||
| CVE-2017-17939 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2018-01-09 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. | |||||
| CVE-2017-16996 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-01-09 | 7.2 HIGH | 7.8 HIGH |
| kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling. | |||||
| CVE-2017-17904 | 1 Fortunescripts | 1 Lynda Clone | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile. | |||||
| CVE-2017-17903 | 1 Fortunescripts | 1 Lynda Clone | 2018-01-09 | 6.8 MEDIUM | 8.8 HIGH |
| FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. | |||||
| CVE-2017-17893 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2018-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. | |||||
| CVE-2017-17868 | 1 Liferay | 1 Liferay Portal | 2018-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. | |||||
| CVE-2017-13056 | 1 Tracker-software | 1 Pdf-xchange Viewer | 2018-01-09 | 6.8 MEDIUM | 7.8 HIGH |
| The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file. | |||||
| CVE-2017-17891 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2018-01-09 | 6.8 MEDIUM | 8.8 HIGH |
| Readymade Video Sharing Script has CSRF via user-profile-edit.php. | |||||
| CVE-2017-17892 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2018-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. | |||||