IDCVSSSummaryLast (major) updatePublished
CVE-2017-16883 None
The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file.
18-11-2017 - 13:29 18-11-2017 - 13:29
CVE-2017-16882 None
Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gai
18-11-2017 - 13:29 18-11-2017 - 13:29
CVE-2017-16881 None
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.jav
18-11-2017 - 08:29 18-11-2017 - 08:29
CVE-2017-14077 None
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.
17-11-2017 - 20:29 17-11-2017 - 20:29
CVE-2017-16566 None
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused t
17-11-2017 - 18:29 17-11-2017 - 18:29
CVE-2017-1000221 None
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access
17-11-2017 - 17:29 17-11-2017 - 17:29
CVE-2017-1000217 None
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
17-11-2017 - 17:29 17-11-2017 - 17:29
CVE-2017-1000128 None
Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser
17-11-2017 - 17:29 17-11-2017 - 17:29
CVE-2017-1000127 None
Exiv2 0.26 contains a heap buffer overflow in tiff parser
17-11-2017 - 17:29 17-11-2017 - 17:29
CVE-2017-1000126 None
exiv2 0.26 contains a Stack out of bounds read in webp parser
17-11-2017 - 17:29 17-11-2017 - 17:29
CVE-2017-4939 None
VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute
17-11-2017 - 16:29 17-11-2017 - 16:29
CVE-2017-16880 None
The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.
17-11-2017 - 16:29 17-11-2017 - 16:29
CVE-2017-1000230 None
The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack.
17-11-2017 - 16:29 17-11-2017 - 16:29
CVE-2017-1000227 None
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can
17-11-2017 - 16:29 17-11-2017 - 16:29
CVE-2017-1000190 None
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.
17-11-2017 - 16:29 17-11-2017 - 16:29
CVE-2017-1000163 None
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.
17-11-2017 - 16:29 17-11-2017 - 16:29
CVE-2017-16845 None
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
17-11-2017 - 15:29 17-11-2017 - 15:29
CVE-2017-14111 None
The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the applicati
17-11-2017 - 15:29 17-11-2017 - 15:29
CVE-2017-1000215 None
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution
17-11-2017 - 15:29 17-11-2017 - 15:29
CVE-2017-6168 None
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attac
17-11-2017 - 14:29 17-11-2017 - 14:29
CVE-2017-13703 None
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur.
17-11-2017 - 13:29 17-11-2017 - 13:29
CVE-2017-13702 None
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused.
17-11-2017 - 13:29 17-11-2017 - 13:29
CVE-2017-13700 None
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.
17-11-2017 - 13:29 17-11-2017 - 13:29
CVE-2017-1000170 None
jqueryFileTree 2.1.5 and older Directory Traversal
17-11-2017 - 13:29 17-11-2017 - 13:29
CVE-2017-1000169 None
QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB.
17-11-2017 - 13:29 17-11-2017 - 13:29
CVE-2017-1000168 None
sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys
17-11-2017 - 13:29 17-11-2017 - 13:29
CVE-2017-16877 None
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
17-11-2017 - 12:29 17-11-2017 - 12:29
CVE-2017-16819 None
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.htm
17-11-2017 - 12:29 17-11-2017 - 12:29
CVE-2017-1000192 None
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption
17-11-2017 - 12:29 17-11-2017 - 12:29
CVE-2017-1000191 None
Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS.
17-11-2017 - 12:29 17-11-2017 - 12:29
CVE-2017-16875 None
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key
17-11-2017 - 11:29 17-11-2017 - 11:29
CVE-2017-1000212 None
Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code.
17-11-2017 - 10:29 17-11-2017 - 10:29
CVE-2017-1000211 None
Lynx version 2.8.8 and older is vulnerable to a use after free in the HTML parser resulting in memory disclosure.
17-11-2017 - 10:29 17-11-2017 - 10:29
CVE-2017-1000206 None
samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution
17-11-2017 - 10:29 17-11-2017 - 10:29
CVE-2017-1000203 None
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution
17-11-2017 - 10:29 17-11-2017 - 10:29
CVE-2017-4938 None
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
17-11-2017 - 09:29 17-11-2017 - 09:29
CVE-2017-4937 None
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denia
17-11-2017 - 09:29 17-11-2017 - 09:29
CVE-2017-4936 None
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denia
17-11-2017 - 09:29 17-11-2017 - 09:29
CVE-2017-4935 None
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Deni
17-11-2017 - 09:29 17-11-2017 - 09:29
CVE-2017-4934 None
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.
17-11-2017 - 09:29 17-11-2017 - 09:29
CVE-2017-4929 None
VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure.
17-11-2017 - 09:29 17-11-2017 - 09:29
CVE-2017-4928 None
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by se
17-11-2017 - 09:29 17-11-2017 - 09:29
CVE-2017-4927 None
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
17-11-2017 - 09:29 17-11-2017 - 09:29
CVE-2017-10890 None
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware version
17-11-2017 - 09:29 17-11-2017 - 09:29
CVE-2017-10889 None
TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.
17-11-2017 - 09:29 17-11-2017 - 09:29
CVE-2017-10888 None
BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors.
17-11-2017 - 09:29 17-11-2017 - 09:29
CVE-2017-10887 None
Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
17-11-2017 - 09:29 17-11-2017 - 09:29
CVE-2017-10886 None
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via uns
17-11-2017 - 09:29 17-11-2017 - 09:29
CVE-2017-16872 None
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be capture
17-11-2017 - 04:29 17-11-2017 - 04:29
CVE-2017-16871 None
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter.
17-11-2017 - 04:29 17-11-2017 - 04:29
Back to Top Mark selected
Back to Top