ID | CVSS | Summary | Last (major) update | Published
CVE-2017-7415 None
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.
27-04-2017 - 10:59 27-04-2017 - 10:59
CVE-2017-8291 None
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
27-04-2017 - 01:59 27-04-2017 - 01:59
CVE-2017-8289 None
Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attackers, to cause a denial of service or possibly have
27-04-2017 - 01:59 27-04-2017 - 01:59
CVE-2017-8288 None
gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information fro
27-04-2017 - 00:59 27-04-2017 - 00:59
CVE-2017-8287 None
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
27-04-2017 - 00:59 27-04-2017 - 00:59
CVE-2017-6037 None
A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run by the system.
27-04-2017 - 00:59 27-04-2017 - 00:59
CVE-2017-6035 None
A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when a malicious project file is run on the system.
27-04-2017 - 00:59 27-04-2017 - 00:59
CVE-2017-3162 None
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.
26-04-2017 - 20:59 26-04-2017 - 20:59
CVE-2017-3161 None
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
26-04-2017 - 20:59 26-04-2017 - 20:59
CVE-2017-1170 None
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.
26-04-2017 - 17:59 26-04-2017 - 17:59
CVE-2016-8962 None
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.
26-04-2017 - 17:59 26-04-2017 - 17:59
CVE-2016-8924 None
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's s
26-04-2017 - 17:59 26-04-2017 - 17:59
CVE-2017-8284 None
** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic
26-04-2017 - 14:59 26-04-2017 - 14:59
CVE-2017-7720 None
Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password.
26-04-2017 - 14:59 26-04-2017 - 14:59
CVE-2017-6054 None
A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information.
26-04-2017 - 14:59 26-04-2017 - 14:59
CVE-2017-6052 None
A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints.
26-04-2017 - 14:59 26-04-2017 - 14:59
CVE-2017-8283 None
dpkg-source in dpkg through 1.8.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source packag
26-04-2017 - 05:59 26-04-2017 - 05:59
CVE-2017-7293 None
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. This affects Dolby Audio X2 (DAX2) 1.0, 1.0.1, 1
26-04-2017 - 05:59 26-04-2017 - 05:59
CVE-2017-8225 None
On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.
25-04-2017 - 20:59 25-04-2017 - 20:59
CVE-2017-8224 None
Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.
25-04-2017 - 20:59 25-04-2017 - 20:59
CVE-2017-8223 None
On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0.
25-04-2017 - 20:59 25-04-2017 - 20:59
CVE-2017-8222 None
Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information.
25-04-2017 - 20:59 25-04-2017 - 20:59
CVE-2017-8221 None
Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing t
25-04-2017 - 20:59 25-04-2017 - 20:59
CVE-2017-8220 None
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.
25-04-2017 - 20:59 25-04-2017 - 20:59
CVE-2017-8219 None
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.
25-04-2017 - 20:59 25-04-2017 - 20:59
CVE-2017-8218 None
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password
25-04-2017 - 20:59 25-04-2017 - 20:59
CVE-2017-8217 None
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.
25-04-2017 - 20:59 25-04-2017 - 20:59
CVE-2017-8115 None
Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.
25-04-2017 - 19:59 25-04-2017 - 19:59
CVE-2017-3434 None
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily "exploitable" vulnerability allows unauthenticated
25-04-2017 - 19:59 25-04-2017 - 19:59
CVE-2017-3356 None
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows u
25-04-2017 - 19:59 25-04-2017 - 19:59
CVE-2017-3355 None
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows u
25-04-2017 - 19:59 25-04-2017 - 19:59
CVE-2017-3347 None
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows u
25-04-2017 - 19:59 25-04-2017 - 19:59
CVE-2017-3345 None
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows u
25-04-2017 - 19:59 25-04-2017 - 19:59
CVE-2017-3342 None
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows u
25-04-2017 - 19:59 25-04-2017 - 19:59
CVE-2017-8057 None
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
25-04-2017 - 18:59 25-04-2017 - 18:59
CVE-2017-7989 None
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
25-04-2017 - 18:59 25-04-2017 - 18:59
CVE-2017-7988 None
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
25-04-2017 - 18:59 25-04-2017 - 18:59
CVE-2017-7987 None
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
25-04-2017 - 18:59 25-04-2017 - 18:59
CVE-2017-7986 None
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
25-04-2017 - 18:59 25-04-2017 - 18:59
CVE-2017-7985 None
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
25-04-2017 - 18:59 25-04-2017 - 18:59
CVE-2017-7984 None
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
25-04-2017 - 18:59 25-04-2017 - 18:59
CVE-2017-7983 None
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
25-04-2017 - 18:59 25-04-2017 - 18:59
CVE-2017-1274 None
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.
25-04-2017 - 18:59 25-04-2017 - 18:59
CVE-2017-1149 None
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informat
25-04-2017 - 18:59 25-04-2017 - 18:59
CVE-2017-8110 None
www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.
25-04-2017 - 17:59 25-04-2017 - 17:59
CVE-2017-8109 None
The salt-ssh minion code in SaltStack Salt before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
25-04-2017 - 17:59 25-04-2017 - 17:59
CVE-2017-5625 None
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboo
25-04-2017 - 16:59 25-04-2017 - 16:59
CVE-2016-8030 None
A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link.
25-04-2017 - 16:59 25-04-2017 - 16:59
CVE-2017-7477 None
Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in con
25-04-2017 - 14:59 25-04-2017 - 14:59
CVE-2017-7221 None
OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docba
25-04-2017 - 14:59 25-04-2017 - 14:59