Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9043 | 1 Gnu | 1 Binutils | 2017-05-25 | 6.8 MEDIUM | 7.8 HIGH |
| readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. | |||||
| CVE-2017-9044 | 1 Gnu | 1 Binutils | 2017-05-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. | |||||
| CVE-2017-9051 | 1 Libav | 1 Libav | 2017-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c. | |||||
| CVE-2017-9054 | 1 Libdwarf Project | 1 Libdwarf | 2017-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read. | |||||
| CVE-2017-9055 | 1 Libdwarf Project | 1 Libdwarf | 2017-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read. | |||||
| CVE-2017-9053 | 1 Libdwarf Project | 1 Libdwarf | 2017-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function). | |||||
| CVE-2015-3998 | 2 Clickfraud-monitoring, Phpwhois Project | 2 Adsense-click-fraud-monitoring, Phpwhois | 2017-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php. | |||||
| CVE-2017-9026 | 1 Hootoo | 2 Trip Mate 6, Trip Mate 6 Firmware | 2017-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted fname parameter of a GET request. | |||||
| CVE-2017-9025 | 1 Hootoo | 2 Trip Mate 6, Trip Mate 6 Firmware | 2017-05-24 | 6.4 MEDIUM | 6.5 MEDIUM |
| Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header. | |||||
| CVE-2017-8926 | 1 Halliburton | 1 Logview Pro | 2017-05-24 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file. | |||||
| CVE-2017-0252 | 1 Microsoft | 1 Edge | 2017-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0223. | |||||
| CVE-2017-8937 | 1 Life Before Us | 1 Yo. | 2017-05-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-4070 | 1 Wow New Media | 1 Wow Moodboard Lite | 2017-05-24 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
| CVE-2017-6889 | 1 Libraw | 1 Libraw-demosaic-pack-gpl2 | 2017-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow. | |||||
| CVE-2016-10283 | 1 Linux | 1 Linux Kernel | 2017-05-24 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32094986. References: QC-CR#2002052. | |||||
| CVE-2016-10295 | 1 Linux | 1 Linux Kernel | 2017-05-24 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33781694. References: QC-CR#1109326. | |||||
| CVE-2016-7980 | 1 Spip | 1 Spip | 2017-05-24 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. | |||||
| CVE-2016-7982 | 1 Spip | 1 Spip | 2017-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action. | |||||
| CVE-2016-7998 | 1 Spip | 1 Spip | 2017-05-24 | 6.5 MEDIUM | 8.8 HIGH |
| The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. | |||||
| CVE-2016-7999 | 1 Spip | 1 Spip | 2017-05-24 | 4.3 MEDIUM | 7.4 HIGH |
| ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. | |||||
| CVE-2017-2775 | 1 Ni | 1 Labview | 2017-05-24 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution. | |||||
| CVE-2017-5670 | 1 Riverbed | 1 Rios | 2017-05-24 | 2.1 LOW | 4.6 MEDIUM |
| Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks. | |||||
| CVE-2017-0255 | 1 Microsoft | 1 Sharepoint Foundation | 2017-05-23 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability". | |||||
| CVE-2017-0264 | 1 Microsoft | 1 Powerpoint For Mac | 2017-05-23 | 9.3 HIGH | 7.8 HIGH |
| Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265. | |||||
| CVE-2017-0221 | 1 Microsoft | 1 Edge | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240. | |||||
| CVE-2017-0266 | 1 Microsoft | 1 Edge | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability." | |||||
| CVE-2017-2163 | 1 N-i-agroinformatics | 1 Soy Cms | 2017-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. | |||||
| CVE-2017-5654 | 1 Apache | 1 Ambari | 2017-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. | |||||
| CVE-2017-0238 | 1 Microsoft | 2 Edge, Internet Explorer | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236. | |||||
| CVE-2017-8929 | 1 Virustotal | 1 Yara | 2017-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule. | |||||
| CVE-2017-0235 | 1 Microsoft | 1 Edge | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238. | |||||
| CVE-2017-0229 | 1 Microsoft | 1 Edge | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | |||||
| CVE-2017-0230 | 1 Microsoft | 1 Edge | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | |||||
| CVE-2017-0226 | 1 Microsoft | 1 Internet Explorer | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0222. | |||||
| CVE-2017-7491 | 1 Moodle | 1 Moodle | 2017-05-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. | |||||
| CVE-2016-9750 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207. | |||||
| CVE-2017-0224 | 1 Microsoft | 1 Edge | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | |||||
| CVE-2016-5979 | 1 Ibm | 1 Distributed Marketing | 2017-05-23 | 4.0 MEDIUM | 2.7 LOW |
| IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the new instance not accessible for the intended user. IBM X-Force ID: 116379. | |||||
| CVE-2017-2164 | 1 N-i-agroinformatics | 1 Soy Cms | 2017-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-9735 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2017-05-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781, | |||||
| CVE-2017-7213 | 1 Zohocorp | 1 Manageengine Desktop Central | 2017-05-23 | 10.0 HIGH | 10.0 CRITICAL |
| Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. | |||||
| CVE-2017-8933 | 1 Libmenu-cache Project | 1 Libmenu-cache | 2017-05-23 | 2.1 LOW | 3.3 LOW |
| Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability). | |||||
| CVE-2017-8934 | 1 Pcmanfm Project | 1 Pcmanfm | 2017-05-23 | 2.1 LOW | 5.5 MEDIUM |
| PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). | |||||
| CVE-2017-5655 | 1 Apache | 1 Ambari | 2017-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host. | |||||
| CVE-2011-2481 | 1 Apache | 1 Tomcat | 2017-05-23 | 4.6 MEDIUM | N/A |
| Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression. | |||||
| CVE-2011-3376 | 1 Apache | 1 Tomcat | 2017-05-23 | 4.4 MEDIUM | N/A |
| org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality. | |||||
| CVE-2013-2071 | 1 Apache | 1 Tomcat | 2017-05-23 | 2.6 LOW | N/A |
| java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes. | |||||
| CVE-2014-2109 | 1 Cisco | 1 Ios | 2017-05-23 | 7.8 HIGH | N/A |
| The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494. | |||||
| CVE-2014-2111 | 1 Cisco | 1 Ios | 2017-05-23 | 7.1 HIGH | N/A |
| The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996. | |||||
| CVE-2014-2112 | 1 Cisco | 1 Ios | 2017-05-23 | 7.8 HIGH | N/A |
| The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357. | |||||