ID | CVSS | Summary | Last (major) update | Published
CVE-2017-7304 None
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before atte
29-03-2017 - 15:59 29-03-2017 - 15:59
CVE-2017-7303 None
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vul
29-03-2017 - 15:59 29-03-2017 - 15:59
CVE-2017-7302 None
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be reco
29-03-2017 - 15:59 29-03-2017 - 15:59
CVE-2017-7301 None
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerabi
29-03-2017 - 15:59 29-03-2017 - 15:59
CVE-2017-7300 None
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for inval
29-03-2017 - 15:59 29-03-2017 - 15:59
CVE-2017-7299 None
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file bef
29-03-2017 - 15:59 29-03-2017 - 15:59
CVE-2017-7285 None
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP conn
29-03-2017 - 14:59 29-03-2017 - 14:59
CVE-2017-5900 None
Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm.
29-03-2017 - 14:59 29-03-2017 - 14:59
CVE-2017-5671 None
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak
29-03-2017 - 14:59 29-03-2017 - 14:59
CVE-2016-9924 None
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.
29-03-2017 - 14:59 29-03-2017 - 14:59
CVE-2016-6846 None
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office
29-03-2017 - 14:59 29-03-2017 - 14:59
CVE-2015-8234 None
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
29-03-2017 - 14:59 29-03-2017 - 14:59
CVE-2015-4556 None
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).
29-03-2017 - 14:59 29-03-2017 - 14:59
CVE-2009-5147 None
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
29-03-2017 - 14:59 29-03-2017 - 14:59
CVE-2017-7298 None
In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element.
29-03-2017 - 05:59 29-03-2017 - 05:59
CVE-2017-7294 None
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, an
29-03-2017 - 02:59 29-03-2017 - 02:59
CVE-2017-6864 None
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks.
29-03-2017 - 01:59 29-03-2017 - 01:59
CVE-2017-2689 None
Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings.
29-03-2017 - 01:59 29-03-2017 - 01:59
CVE-2017-2688 None
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into c
29-03-2017 - 01:59 29-03-2017 - 01:59
CVE-2017-2687 None
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link.
29-03-2017 - 01:59 29-03-2017 - 01:59
CVE-2017-2686 None
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information.
29-03-2017 - 01:59 29-03-2017 - 01:59
CVE-2017-7297 None
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.
29-03-2017 - 00:59 29-03-2017 - 00:59
CVE-2016-6807 None
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari A
28-03-2017 - 20:59 28-03-2017 - 20:59
CVE-2016-8749 None
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.
28-03-2017 - 18:59 28-03-2017 - 18:59
CVE-2016-8031 None
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file.
28-03-2017 - 15:59 28-03-2017 - 15:59
CVE-2014-6440 None
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
28-03-2017 - 15:59 28-03-2017 - 15:59
CVE-2016-8884 None
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of
28-03-2017 - 14:59 28-03-2017 - 14:59
CVE-2016-10152 None
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
28-03-2017 - 14:59 28-03-2017 - 14:59
CVE-2017-7277 None
The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds
28-03-2017 - 06:59 28-03-2017 - 06:59
CVE-2017-0882 None
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2017-0881 None
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9473 None
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9472 3.5
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9471 None
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical use
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9470 None
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9469 None
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9468 None
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential mi
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9467 None
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9466 None
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9465 None
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. D
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9464 None
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9463 None
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenti
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9462 None
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thu
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9461 None
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticate
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9460 None
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake d
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9459 None
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user.
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9457 3.5
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_star
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9456 None
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues we
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9455 None
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanc
28-03-2017 - 02:59 28-03-2017 - 02:59
CVE-2016-9454 3.5
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped wh
28-03-2017 - 02:59 28-03-2017 - 02:59