Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5717 | 1 Intel | 1 Graphics Driver | 2017-12-27 | 7.2 HIGH | 7.8 HIGH |
| Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access. | |||||
| CVE-2017-7411 | 1 Enalean | 1 Tuleap | 2017-12-27 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution). | |||||
| CVE-2017-8135 | 1 Huawei | 1 Fusionsphere Openstack | 2017-12-27 | 8.3 HIGH | 8.8 HIGH |
| The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | |||||
| CVE-2014-3250 | 3 Apache, Puppet, Redhat | 3 Http Server, Puppet, Linux | 2017-12-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. | |||||
| CVE-2017-14091 | 1 Trendmicro | 1 Scanmail | 2017-12-27 | 7.6 HIGH | 7.5 HIGH |
| A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize an uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. | |||||
| CVE-2017-14386 | 1 Dell | 4 2335dn, 2335dn Firmware, 2355dn and 1 more | 2017-12-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, is affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website. | |||||
| CVE-2017-11939 | 1 Microsoft | 1 Office | 2017-12-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability". | |||||
| CVE-2017-11935 | 1 Microsoft | 1 Office | 2017-12-27 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". | |||||
| CVE-2017-15529 | 1 Symantec | 1 Norton Family | 2017-12-27 | 2.1 LOW | 6.2 MEDIUM |
| Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
| CVE-2017-15530 | 1 Symantec | 1 Norton Family | 2017-12-27 | 2.1 LOW | 3.3 LOW |
| Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings. | |||||
| CVE-2017-14374 | 1 Dell | 1 Storage Manager | 2017-12-27 | 7.5 HIGH | 9.8 CRITICAL |
| The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance). | |||||
| CVE-2017-1536 | 1 Ibm | 1 Websphere Portal | 2017-12-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733. | |||||
| CVE-2017-14093 | 1 Trendmicro | 1 Scanmail | 2017-12-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. | |||||
| CVE-2017-1546 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2017-12-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915. | |||||
| CVE-2017-1635 | 1 Ibm | 1 Tivoli Monitoring | 2017-12-27 | 5.2 MEDIUM | 8.0 HIGH |
| IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243. | |||||
| CVE-2017-1558 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2017-12-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548. | |||||
| CVE-2017-14090 | 1 Trendmicro | 1 Scanmail | 2017-12-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. | |||||
| CVE-2017-11302 | 1 Adobe | 1 Indesign | 2017-12-26 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-11507 | 1 Check Mk Project | 1 Check Mk | 2017-12-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page. | |||||
| CVE-2017-11294 | 2 Adobe, Microsoft | 2 Shockwave, Windows | 2017-12-26 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-17622 | 1 Online Exam Test Application Script Project | 1 Online Exam Test Application Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter. | |||||
| CVE-2017-17614 | 1 Hotel Restaurant Reviews And Feedback Script Project | 1 Hotel Restaurant Reviews And Feedback Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Food Order Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-17628 | 1 Responsive Realestate Script Project | 1 Responsive Realestate Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter. | |||||
| CVE-2017-17609 | 1 Chartered Accountant Booking Script Project | 1 Chartered Accountant Booking Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter. | |||||
| CVE-2017-17626 | 1 Readymade Php Classified Script Project | 1 Readymade Php Classified Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter. | |||||
| CVE-2017-17627 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter. | |||||
| CVE-2017-17602 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. | |||||
| CVE-2017-17608 | 1 Kindergarten - Elementary School Listing Script Project | 1 Kindergarten - Elementary School Listing Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Child Care Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-17621 | 1 Multivendor Penny Auction Clone Script Project | 1 Multivendor Penny Auction Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI. | |||||
| CVE-2017-17618 | 1 Kickstarter Clone Script Project | 1 Kickstarter Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter. | |||||
| CVE-2017-17619 | 1 Laundry Booking Script Project | 1 Laundry Booking Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Laundry Booking Script 1.0 has SQL Injection via the /list city parameter. | |||||
| CVE-2017-17620 | 1 Lawyer Search Script Project | 1 Lawyer Search Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter. | |||||
| CVE-2017-17617 | 1 Foodspotting Clone Script Project | 1 Foodspotting Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter. | |||||
| CVE-2017-7738 | 1 Fortinet | 1 Fortios | 2017-12-26 | 4.0 MEDIUM | 7.2 HIGH |
| An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allows an admin user with super_admin privileges to view the current SSL VPN web portal session info, which may contain user credentials, through the fnsysctl CLI command. | |||||
| CVE-2017-13070 | 1 Qnap | 1 Qsync | 2017-12-26 | 9.3 HIGH | 7.8 HIGH |
| A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines. | |||||
| CVE-2017-14092 | 1 Trendmicro | 1 Scanmail | 2017-12-26 | 6.8 MEDIUM | 8.8 HIGH |
| The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | |||||
| CVE-2017-1613 | 1 Ibm | 1 Connections | 2017-12-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954. | |||||
| CVE-2017-1632 | 1 Ibm | 1 Sterling File Gateway | 2017-12-26 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178. | |||||
| CVE-2017-1683 | 1 Ibm | 1 Connections Engagement Center | 2017-12-26 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005. | |||||
| CVE-2017-1421 | 1 Ibm | 1 Inotes | 2017-12-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1606 | 1 Ibm | 1 Financial Transaction Manager | 2017-12-26 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926. | |||||
| CVE-2017-17610 | 1 E-commerce Mlm Software Project | 1 E-commerce Mlm Software | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter. | |||||
| CVE-2017-17615 | 1 Facebook Clone Script Project | 1 Facebook Clone Script | 2017-12-26 | 6.5 MEDIUM | 8.8 HIGH |
| Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. | |||||
| CVE-2017-17613 | 1 Freelance Website Script Project | 1 Freelance Website Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter. | |||||
| CVE-2017-17642 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. | |||||
| CVE-2017-17640 | 1 Advanced World Database Project | 1 Advanced World Database | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. | |||||
| CVE-2017-17638 | 1 Groupon Clone Script Project | 1 Groupon Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter. | |||||
| CVE-2017-17639 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter. | |||||
| CVE-2017-17641 | 1 Resume Clone Script Project | 1 Resume Clone Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter. | |||||
| CVE-2017-17648 | 1 Entrepreneur Dating Script Project | 1 Entrepreneur Dating Script | 2017-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. | |||||
