Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5666 | 1 Ana | 1 All Nippon Airways | 2017-10-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. | |||||
| CVE-2015-7785 | 1 Comicsmart | 1 Ganma\! | 2017-10-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| GANMA! App for iOS does not verify SSL certificates. | |||||
| CVE-2017-14744 | 1 Baidu | 1 Ueditor | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | |||||
| CVE-2015-8375 | 1 Php-fusion | 1 Php-fusion | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. | |||||
| CVE-2017-14748 | 1 Blizzard | 1 Overwatch | 2017-10-06 | 3.5 LOW | 5.3 MEDIUM |
| Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match. | |||||
| CVE-2017-14838 | 1 Teamworktec | 1 Job Links | 2017-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | |||||
| CVE-2017-14839 | 1 Teamworktec | 1 Photo Fusion | 2017-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | |||||
| CVE-2017-14840 | 1 Teamworktec | 1 Ticketplus | 2017-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | |||||
| CVE-2017-14954 | 1 Linux | 1 Linux Kernel | 2017-10-06 | 2.1 LOW | 5.5 MEDIUM |
| The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call. | |||||
| CVE-2015-7293 | 2 Plone, Zope | 2 Plone, Zope Management Interface | 2017-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | |||||
| CVE-2015-5704 | 2 Devscripts Devel Team, Fedoraproject | 2 Devscripts, Fedora | 2017-10-06 | 7.2 HIGH | 7.8 HIGH |
| scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | |||||
| CVE-2015-7748 | 1 Juniper | 1 Junos | 2017-10-06 | 5.0 MEDIUM | N/A |
| Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet. | |||||
| CVE-2017-12069 | 2 Ocpfoundation, Siemens | 4 Local Discovery Server, Ua .net, Simatic Pcs7 and 1 more | 2017-10-06 | 6.4 MEDIUM | 8.2 HIGH |
| An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. | |||||
| CVE-2017-14712 | 1 Telaxius | 1 Epesi | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | |||||
| CVE-2017-14717 | 1 Telaxius | 1 Epesi | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | |||||
| CVE-2017-9551 | 1 Mahara | 1 Mahara | 2017-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account. | |||||
| CVE-2015-5263 | 1 Pulpproject | 1 Pulp | 2017-10-05 | 6.8 MEDIUM | 8.1 HIGH |
| pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | |||||
| CVE-2017-13991 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2017-10-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. | |||||
| CVE-2017-13990 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2017-10-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. | |||||
| CVE-2017-13986 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2017-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. | |||||
| CVE-2017-14922 | 1 Tine20 | 1 Tine 2.0 | 2017-10-05 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
| CVE-2017-14350 | 1 Hp | 1 Application Performance Management | 2017-10-05 | 10.0 HIGH | 9.8 CRITICAL |
| A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. | |||||
| CVE-2017-14844 | 1 Dasinfomedia | 1 Wpgym Gym Management System | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | |||||
| CVE-2017-14921 | 1 Tine20 | 1 Tine 2.0 | 2017-10-05 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
| CVE-2017-14920 | 1 Egroupware | 1 Egroupware | 2017-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator. | |||||
| CVE-2017-14843 | 1 Dasinfomedia | 1 School Management System | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | |||||
| CVE-2017-14842 | 1 Dasinfomedia | 1 Smsmaster Multipurpose Sms Gateway | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | |||||
| CVE-2017-14841 | 1 Dasinfomedia | 1 Annual Maintenance Contract Management System | 2017-10-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | |||||
| CVE-2015-9231 | 1 Iterm2 | 1 Iterm2 | 2017-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware. | |||||
| CVE-2017-14846 | 1 Dasinfomedia | 1 Hospital Management System | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. | |||||
| CVE-2017-14845 | 1 Dasinfomedia | 1 Wpchurch Church Management System | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. | |||||
| CVE-2017-14923 | 1 Tine20 | 1 Tine 2.0 | 2017-10-05 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
| CVE-2017-14847 | 1 Dasinfomedia | 1 Wpams Apartment Management System | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. | |||||
| CVE-2017-14974 | 1 Gnu | 1 Binutils | 2017-10-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | |||||
| CVE-2015-4071 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2017-10-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}. | |||||
| CVE-2015-3420 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2017-10-05 | 4.3 MEDIUM | 5.9 MEDIUM |
| The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | |||||
| CVE-2017-13984 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2017-10-05 | 5.5 MEDIUM | 6.5 MEDIUM |
| An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. | |||||
| CVE-2017-14947 | 2 Artifex, Microsoft | 2 Gsview, Windows | 2017-10-05 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359." | |||||
| CVE-2017-13983 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2017-10-05 | 10.0 HIGH | 9.8 CRITICAL |
| An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. | |||||
| CVE-2017-14945 | 2 Artifex, Microsoft | 2 Gsview, Windows | 2017-10-05 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068." | |||||
| CVE-2017-14946 | 2 Artifex, Microsoft | 2 Gsview, Windows | 2017-10-05 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e." | |||||
| CVE-2015-7837 | 1 Redhat | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server Aus and 3 more | 2017-10-05 | 2.1 LOW | 5.5 MEDIUM |
| The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. | |||||
| CVE-2017-13985 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2017-10-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. | |||||
| CVE-2015-5607 | 2 Fedoraproject, Ipython | 2 Fedora, Ipython | 2017-10-05 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery in the REST API in IPython 2 and 3. | |||||
| CVE-2017-14653 | 1 Asp4cms | 1 Aspcms | 2017-10-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter. | |||||
| CVE-2017-9393 | 1 Ca | 2 Identity Manager, Identity Manager Virtual Appliance | 2017-10-05 | 5.0 MEDIUM | 9.8 CRITICAL |
| CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | |||||
| CVE-2017-14706 | 1 Denyall | 2 I-suite, Web Application Firewall | 2017-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. | |||||
| CVE-2015-1187 | 2 D-link, Trendnet | 30 Dir-626l, Dir-626l Firmware, Dir-636l and 27 more | 2017-10-05 | 10.0 HIGH | 9.8 CRITICAL |
| The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | |||||
| CVE-2002-1120 | 1 Savant | 1 Savant Web Server | 2017-10-05 | 7.5 HIGH | N/A |
| Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2003-0831 | 1 Proftpd Project | 1 Proftpd | 2017-10-05 | 9.0 HIGH | N/A |
| ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files. | |||||