Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7410 | 1 Libdwarf Project | 1 Libdwarf | 2017-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file. | |||||
| CVE-2016-7792 | 1 Ubiquiti Networks | 2 Unifi Ap Ac Lite, Unifi Ap Ac Lite Firmware | 2017-01-26 | 8.3 HIGH | 8.8 HIGH |
| Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. | |||||
| CVE-2017-5475 | 1 S9y | 1 Serendipity | 2017-01-25 | 6.8 MEDIUM | 8.8 HIGH |
| comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. | |||||
| CVE-2017-5476 | 1 S9y | 1 Serendipity | 2017-01-25 | 6.8 MEDIUM | 8.8 HIGH |
| Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. | |||||
| CVE-2017-5474 | 1 S9y | 1 Serendipity | 2017-01-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. | |||||
| CVE-2017-2578 | 1 Moodle | 1 Moodle | 2017-01-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Moodle 3.x, there is XSS in the assignment submission page. | |||||
| CVE-2016-5012 | 1 Moodle | 1 Moodle | 2017-01-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Moodle 3.x, glossary search displays entries without checking user permissions to view them. | |||||
| CVE-2014-8362 | 1 Vivint | 2 Sky Control Panel, Sky Control Panel Firmware | 2017-01-25 | 10.0 HIGH | 9.8 CRITICAL |
| Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface. | |||||
| CVE-2015-7743 | 1 Paessler | 1 Prtg Network Monitor | 2017-01-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file. | |||||
| CVE-2016-5697 | 1 Onelogin | 1 Ruby-saml | 2017-01-25 | 5.0 MEDIUM | 7.5 HIGH |
| Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors. | |||||
| CVE-2016-4340 | 1 Gitlab | 1 Gitlab | 2017-01-25 | 6.5 MEDIUM | 8.8 HIGH |
| The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors. | |||||
| CVE-2016-9041 | | | 2017-01-24 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-2971. Reason: This candidate is a reservation duplicate of CVE-2017-2971. Notes: All CVE users should reference CVE-2017-2971 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-5119 | 1 Keepass | 1 Keepass | 2017-01-24 | 5.1 MEDIUM | 7.5 HIGH |
| The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. | |||||
| CVE-2016-3177 | 1 Giflib Project | 1 Giflib | 2017-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. | |||||
| CVE-2016-4056 | 1 Typo3 | 1 Typo3 | 2017-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark. | |||||
| CVE-2015-8860 | 1 Nodejs | 1 Node.js | 2017-01-24 | 5.0 MEDIUM | 7.5 HIGH |
| The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||||
| CVE-2013-7453 | 1 Nodejs | 1 Node.js | 2017-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing. | |||||
| CVE-2013-7454 | 1 Nodejs | 1 Node.js | 2017-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings. | |||||
| CVE-2013-7452 | 1 Nodejs | 1 Node.js | 2017-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI. | |||||
| CVE-2013-7451 | 1 Nodejs | 1 Node.js | 2017-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. | |||||
| CVE-2016-9870 | 1 Emc | 1 Isilon Onefs | 2017-01-24 | 7.2 HIGH | 6.7 MEDIUM |
| EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system. | |||||
| CVE-2016-8458 | 1 Linux | 1 Linux Kernel | 2017-01-24 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31968442. | |||||
| CVE-2016-8456 | 1 Linux | 1 Linux Kernel | 2017-01-24 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219255. References: B-RB#105580. | |||||
| CVE-2016-8457 | 1 Linux | 1 Linux Kernel | 2017-01-24 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116. | |||||
| CVE-2016-8455 | 1 Linux | 1 Linux Kernel | 2017-01-24 | 9.3 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32219121. References: B-RB#106311. | |||||
| CVE-2016-8445 | 1 Google | 1 Android | 2017-01-24 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747590. References: MT-ALPS02968983. | |||||
| CVE-2016-8444 | 1 Linux | 1 Linux Kernel | 2017-01-24 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310. | |||||
| CVE-2016-8442 | 1 Linux | 1 Linux Kernel | 2017-01-24 | 7.2 HIGH | 7.8 HIGH |
| Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. QC-CR#1038173. | |||||
| CVE-2016-8443 | 1 Linux | 1 Linux Kernel | 2017-01-24 | 7.2 HIGH | 7.8 HIGH |
| Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185. | |||||
| CVE-2016-8441 | 1 Linux | 1 Linux Kernel | 2017-01-24 | 7.2 HIGH | 7.8 HIGH |
| Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a buffer overrun. Product: Android. Versions: Kernel 3.18. Android ID: A-31625904. References: QC-CR#1027769. | |||||
| CVE-2016-8440 | 1 Linux | 1 Linux Kernel | 2017-01-23 | 10.0 HIGH | 9.8 CRITICAL |
| Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747. | |||||
| CVE-2016-7981 | 1 Spip | 1 Spip | 2017-01-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. | |||||
| CVE-2017-5515 | 1 Metalgenix | 1 Genixcms | 2017-01-23 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. | |||||
| CVE-2017-5516 | 1 Metalgenix | 1 Genixcms | 2017-01-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. | |||||
| CVE-2016-7149 | 1 B2evolution | 1 B2evolution | 2017-01-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function. | |||||
| CVE-2016-7150 | 1 B2evolution | 1 B2evolution | 2017-01-23 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name. | |||||
| CVE-2016-9677 | 1 Citrix | 1 Provisioning Services | 2017-01-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. | |||||
| CVE-2016-9678 | 1 Citrix | 1 Provisioning Services | 2017-01-23 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-9679 | 1 Citrix | 1 Provisioning Services | 2017-01-23 | 7.5 HIGH | 9.8 CRITICAL |
| Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. | |||||
| CVE-2016-9680 | 1 Citrix | 1 Provisioning Services | 2017-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. | |||||
| CVE-2016-9676 | 1 Citrix | 1 Provisioning Services | 2017-01-23 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-8212 | 1 Netbsd | 1 Netbsd | 2017-01-20 | 7.5 HIGH | 9.8 CRITICAL |
| CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program. | |||||
| CVE-2016-6253 | 1 Netbsd | 1 Netbsd | 2017-01-20 | 7.2 HIGH | 7.8 HIGH |
| mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox. | |||||
| CVE-2016-7794 | 1 Sociomantic | 1 Git-hub | 2017-01-20 | 7.5 HIGH | 9.8 CRITICAL |
| sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name. | |||||
| CVE-2016-7793 | 1 Sociomantic | 1 Git-hub | 2017-01-20 | 6.8 MEDIUM | 8.8 HIGH |
| sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL. | |||||
| CVE-2016-10086 | 5 Ca, Ibm, Linux and 2 more | 6 Service Desk Management, Service Desk Manager, Aix and 3 more | 2017-01-20 | 5.5 MEDIUM | 8.1 HIGH |
| RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. | |||||
| CVE-2016-9584 | 1 Libical Project | 1 Libical | 2017-01-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. | |||||
| CVE-2016-9109 | 1 Artifex | 1 Mujs | 2017-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-7563. | |||||
| CVE-2016-7564 | 1 Artifex | 1 Mujs | 2017-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input. | |||||
| CVE-2016-7563 | 1 Artifex | 1 Mujs | 2017-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input. | |||||
