ID | CVSS | Summary | Last (major) update | Published
CVE-2017-3883 None
A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to r
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-15612 None
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-15611 None
In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges.
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-15610 None
An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export C
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-15609 None
Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12301 None
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12298 None
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some param
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12296 None
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some par
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12293 None
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the aff
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12289 None
A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect imp
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12288 None
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is du
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12287 None
A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affec
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12286 None
A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is du
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12285 None
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected s
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12284 None
A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a l
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12272 None
A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due t
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12271 None
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An atta
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12260 None
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unrespo
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12259 None
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-12251 None
A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vul
19-10-2017 - 04:29 19-10-2017 - 04:29
CVE-2017-15602 None
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
18-10-2017 - 17:29 18-10-2017 - 17:29
CVE-2017-15601 None
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.
18-10-2017 - 17:29 18-10-2017 - 17:29
CVE-2017-15600 None
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.
18-10-2017 - 17:29 18-10-2017 - 17:29
CVE-2015-6961 None
Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout.
18-10-2017 - 16:29 18-10-2017 - 16:29
CVE-2015-5740 None
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
18-10-2017 - 16:29 18-10-2017 - 16:29
CVE-2015-5739 None
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length"
18-10-2017 - 16:29 18-10-2017 - 16:29
CVE-2015-5376 None
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field.
18-10-2017 - 16:29 18-10-2017 - 16:29
CVE-2015-5227 None
The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter.
18-10-2017 - 16:29 18-10-2017 - 16:29
CVE-2017-15359 None
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker
18-10-2017 - 14:29 18-10-2017 - 14:29
CVE-2017-14956 None
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to
18-10-2017 - 14:29 18-10-2017 - 14:29
CVE-2017-14322 None
The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie wit
18-10-2017 - 14:29 18-10-2017 - 14:29
CVE-2016-5714 None
Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, a
18-10-2017 - 14:29 18-10-2017 - 14:29
CVE-2015-7943 None
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and
18-10-2017 - 14:29 18-10-2017 - 14:29
CVE-2015-7715 None
Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrat
18-10-2017 - 14:29 18-10-2017 - 14:29
CVE-2015-7714 None
Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field a
18-10-2017 - 14:29 18-10-2017 - 14:29
CVE-2015-1239 None
Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.
18-10-2017 - 13:29 18-10-2017 - 13:29
CVE-2015-5164 None
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle process
18-10-2017 - 12:29 18-10-2017 - 12:29
CVE-2017-8022 None
An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially
18-10-2017 - 11:29 18-10-2017 - 11:29
CVE-2015-3400 None
sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.
18-10-2017 - 11:29 18-10-2017 - 11:29
CVE-2015-2156 None
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by
18-10-2017 - 11:29 18-10-2017 - 11:29
CVE-2014-8491 None
The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php.
18-10-2017 - 10:29 18-10-2017 - 10:29
CVE-2014-7813 None
Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols.
18-10-2017 - 10:29 18-10-2017 - 10:29
CVE-2014-7242 None
The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by le
18-10-2017 - 10:29 18-10-2017 - 10:29
CVE-2014-3709 None
The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
18-10-2017 - 10:29 18-10-2017 - 10:29
CVE-2014-3706 None
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
18-10-2017 - 10:29 18-10-2017 - 10:29
CVE-2014-3531 None
Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description.
18-10-2017 - 10:29 18-10-2017 - 10:29
CVE-2014-3164 None
cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths.
18-10-2017 - 10:29 18-10-2017 - 10:29
CVE-2011-5320 None
scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.
18-10-2017 - 10:29 18-10-2017 - 10:29
CVE-2017-13083 None
Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code
18-10-2017 - 09:29 18-10-2017 - 09:29
CVE-2017-8024 None
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the a
18-10-2017 - 05:29 18-10-2017 - 05:29