ID CVSS
Summary
Last (major) update Published
CVE-2017-9265 None
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
29-05-2017 - 00:29 29-05-2017 - 00:29
CVE-2017-9264 None
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be trigg
29-05-2017 - 00:29 29-05-2017 - 00:29
CVE-2017-9263 None
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a
29-05-2017 - 00:29 29-05-2017 - 00:29
CVE-2017-9262 None
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
29-05-2017 - 00:29 29-05-2017 - 00:29
CVE-2017-9261 None
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
29-05-2017 - 00:29 29-05-2017 - 00:29
CVE-2016-10377 None
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control
29-05-2017 - 00:29 29-05-2017 - 00:29
CVE-2017-9252 None
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.
28-05-2017 - 16:29 28-05-2017 - 16:29
CVE-2017-9251 None
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.
28-05-2017 - 16:29 28-05-2017 - 16:29
CVE-2017-9250 None
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application cras
28-05-2017 - 16:29 28-05-2017 - 16:29
CVE-2017-9249 None
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be
28-05-2017 - 16:29 28-05-2017 - 16:29
CVE-2017-9243 None
Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point.
28-05-2017 - 14:29 28-05-2017 - 14:29
CVE-2017-9232 None
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
27-05-2017 - 20:29 27-05-2017 - 20:29
CVE-2017-7296 None
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That
27-05-2017 - 20:29 27-05-2017 - 20:29
CVE-2017-7295 None
An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL
27-05-2017 - 20:29 27-05-2017 - 20:29
CVE-2016-10376 None
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
27-05-2017 - 20:29 27-05-2017 - 20:29
CVE-2015-9059 None
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely.
27-05-2017 - 20:29 27-05-2017 - 20:29
CVE-2017-9242 None
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via craft
26-05-2017 - 21:29 26-05-2017 - 21:29
CVE-2017-7731 None
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the Forgotten Password feature.
26-05-2017 - 20:29 26-05-2017 - 20:29
CVE-2017-7343 None
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows an attacker to execute unauthorized code or commands via the url parameter.
26-05-2017 - 20:29 26-05-2017 - 20:29
CVE-2017-7339 None
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.
26-05-2017 - 20:29 26-05-2017 - 20:29
CVE-2017-7338 None
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.
26-05-2017 - 20:29 26-05-2017 - 20:29
CVE-2017-7337 None
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in t
26-05-2017 - 20:29 26-05-2017 - 20:29
CVE-2017-3134 None
An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows an attacker to gain root access via the CLI command 'copy running-config'.
26-05-2017 - 20:29 26-05-2017 - 20:29
CVE-2017-3129 None
A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows an attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.
26-05-2017 - 20:29 26-05-2017 - 20:29
CVE-2017-3126 None
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows an attacker to execute unauthorized code or commands via the next parameter.
26-05-2017 - 20:29 26-05-2017 - 20:29
CVE-2016-8497 None
An escalation of privilege vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.3 and below allows an attacker to gain root privilege via the subproc file.
26-05-2017 - 20:29 26-05-2017 - 20:29
CVE-2016-8496 None
A potential execution of unauthorized code or commands vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.2 and below allows an attacker to potentially overwrite an existing file via the FortiClient log file.
26-05-2017 - 20:29 26-05-2017 - 20:29
CVE-2017-5646 None
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. Wh
26-05-2017 - 17:29 26-05-2017 - 17:29
CVE-2017-9021 None
The vrend_clear dispatch function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted value in "buffers."
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8542 None
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8541 None
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8540 None
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8539 None
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8538 None
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8537 None
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8536 None
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-8535 None
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, a
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2017-6862 None
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NE
26-05-2017 - 16:29 26-05-2017 - 16:29
CVE-2016-10375 None
Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c.
26-05-2017 - 13:29 26-05-2017 - 13:29
CVE-2015-0269 None
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
26-05-2017 - 13:29 26-05-2017 - 13:29
CVE-2017-7505 None
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user objec
26-05-2017 - 12:29 26-05-2017 - 12:29
CVE-2017-1325 None
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses
26-05-2017 - 12:29 26-05-2017 - 12:29
CVE-2017-1292 None
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.
26-05-2017 - 12:29 26-05-2017 - 12:29
CVE-2017-1291 None
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This wou
26-05-2017 - 12:29 26-05-2017 - 12:29
CVE-2017-9239 None
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentatio
26-05-2017 - 06:29 26-05-2017 - 06:29
CVE-2017-9037 None
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) S_action_fail, (4) S_ptn_update, (5) T113, (6) T1
25-05-2017 - 21:29 25-05-2017 - 21:29
CVE-2017-9036 None
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory.
25-05-2017 - 21:29 25-05-2017 - 21:29
CVE-2017-9035 None
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers.
25-05-2017 - 21:29 25-05-2017 - 21:29
CVE-2017-9034 None
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.
25-05-2017 - 21:29 25-05-2017 - 21:29
CVE-2017-9033 None
Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to
25-05-2017 - 21:29 25-05-2017 - 21:29