Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10373 | 2017-05-31 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10214. Reason: This candidate is a reservation duplicate of CVE-2016-10214. Notes: All CVE users should reference CVE-2016-10214 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | |||||
| CVE-2017-7731 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | |||||
| CVE-2017-7338 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | |||||
| CVE-2017-7339 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | |||||
| CVE-2017-2174 | 1 Ipa | 1 Empirical Project Monitor - Extended | 2017-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2175 | 1 Ipa | 1 Empirical Project Monitor - Extended | 2017-05-31 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2173 | 1 Ipa | 1 Empirical Project Monitor - Extended | 2017-05-31 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-8477 | 1 Redmine | 1 Redmine | 2017-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering. | |||||
| CVE-2015-5241 | 1 Apache | 1 Juddi | 2017-05-31 | 5.8 MEDIUM | 6.1 MEDIUM |
| After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'. User session data, credentials, and auth tokens are cleared before the redirect. | |||||
| CVE-2015-5469 | 1 Mdc Youtube Downloader Project | 1 Mdc Youtube Downloader | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php. | |||||
| CVE-2015-4704 | 1 Download Zip Attachments Project | 1 Download Zip Attachments | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php. | |||||
| CVE-2014-3582 | 1 Apache | 1 Ambari | 2017-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | |||||
| CVE-2016-6112 | 1 Ibm | 3 Distributed Marketing, Marketing Operations, Marketing Platform | 2017-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282. | |||||
| CVE-2015-4045 | 1 Alienvault | 1 Open Source Security Information Management | 2017-05-30 | 7.2 HIGH | 6.7 MEDIUM |
| The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script. | |||||
| CVE-2015-4046 | 1 Alienvault | 1 Open Source Security Information Management | 2017-05-30 | 6.5 MEDIUM | 7.2 HIGH |
| The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php. | |||||
| CVE-2017-9071 | 1 Modx | 1 Modx Revolution | 2017-05-30 | 2.6 LOW | 4.7 MEDIUM |
| In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning. | |||||
| CVE-2017-9068 | 1 Modx | 1 Modx Revolution | 2017-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter. | |||||
| CVE-2017-9069 | 1 Modx | 1 Modx Revolution | 2017-05-30 | 6.5 MEDIUM | 8.8 HIGH |
| In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | |||||
| CVE-2017-9070 | 1 Modx | 1 Modx Revolution | 2017-05-30 | 3.5 LOW | 5.4 MEDIUM |
| In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php. | |||||
| CVE-2017-8833 | 1 Zen-cart | 1 Zen Cart | 2017-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github." | |||||
| CVE-2016-4903 | 1 Wp-olivecart | 2 Olivecart, Olivecartpro | 2017-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4904 | 1 Wp-olivecart | 2 Olivecart, Olivecartpro | 2017-05-30 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to perform unintended operations via unspecified vectors. | |||||
| CVE-2016-4905 | 1 Wp-olivecart | 2 Olivecart, Olivecartpro | 2017-05-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-9167 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:337:25. | |||||
| CVE-2017-9187 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:486:7. | |||||
| CVE-2017-9197 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55. | |||||
| CVE-2017-9198 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:508:18. | |||||
| CVE-2017-9199 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:192:19. | |||||
| CVE-2017-9200 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:528:63. | |||||
| CVE-2017-9190 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid free), related to the free_bitmap function in bitmap.c:24:5. | |||||
| CVE-2017-9191 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the rle_fread function in input-tga.c:252:15. | |||||
| CVE-2017-9192 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7. | |||||
| CVE-2017-9183 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7. | |||||
| CVE-2017-9186 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:326:17. | |||||
| CVE-2017-9188 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63. | |||||
| CVE-2017-9184 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:314:7. | |||||
| CVE-2017-9185 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7. | |||||
| CVE-2017-9189 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11. | |||||
| CVE-2017-9177 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:390:12. | |||||
| CVE-2017-9178 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:421:11. | |||||
| CVE-2017-9179 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:425:14. | |||||
| CVE-2017-9181 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c. | |||||
| CVE-2017-9168 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:353:25. | |||||
| CVE-2017-9172 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:496:29. | |||||
| CVE-2017-9173 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29. | |||||
| CVE-2017-9174 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:21:23. | |||||
| CVE-2017-9175 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25. | |||||
| CVE-2017-9176 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:370:25. | |||||
| CVE-2017-9169 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:355:25. | |||||