ID | CVSS | Summary | Last (major) update | Published
CVE-2017-14703 None
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.
26-09-2017 - 09:29 26-09-2017 - 09:29
CVE-2017-14744 None
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
26-09-2017 - 02:29 26-09-2017 - 02:29
CVE-2017-14743 None
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.
26-09-2017 - 02:29 26-09-2017 - 02:29
CVE-2017-12154 None
The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allow
26-09-2017 - 01:29 26-09-2017 - 01:29
CVE-2017-1000252 None
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.
26-09-2017 - 01:29 26-09-2017 - 01:29
CVE-2017-14741 None
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
25-09-2017 - 22:29 25-09-2017 - 22:29
CVE-2017-14739 None
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/di
25-09-2017 - 22:29 25-09-2017 - 22:29
CVE-2017-14001 None
An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system t
25-09-2017 - 22:29 25-09-2017 - 22:29
CVE-2017-9962 None
Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications af
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-9961 None
A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is a
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-9960 None
An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user.
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-9959 None
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition.
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-9958 None
An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-9957 None
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with hi
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-9956 None
An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-7974 None
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-7973 None
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying data
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-7972 None
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applicati
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-7971 None
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of pe
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-7970 None
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connectio
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-7969 None
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-14737 None
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2015-8707 None
Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the refer
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2015-0238 None
selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2014-8889 None
Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2014-8170 None
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physica
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2014-8156 None
The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetwor
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2014-0997 None
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2017-14735 None
OWASP AntiSamy through 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2017-14734 None
The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2017-14733 None
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2017-14731 None
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2016-5868 None
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-8375 None
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-8251 None
OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and O
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-7846 None
Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-7785 None
GANMA! App for iOS does not verify SSL certificates.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-7544 None
redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-7510 None
Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-7293 None
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-6592 None
Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-5704 None
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-5666 None
ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier, do not verify SSL certificates.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-5327 None
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-5263 None
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-5184 None
The Hawtio console in A-MQ allows remote attackers to obtain sensitive information and perform other unspecified impact.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-5183 None
The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-5182 None
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-5181 None
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-5169 None
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.
25-09-2017 - 17:29 25-09-2017 - 17:29