Total
65901 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2136 | 1 Wp Statistics | 1 Wp Statistics | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | |||||
| CVE-2017-8354 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2017-6297 | 1 Mikrotik | 1 Routeros | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret. | |||||
| CVE-2016-2803 | 1 Mozilla | 1 Bugzilla | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2015-8862 | 1 Mustache.js Project | 1 Mustache.js | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | |||||
| CVE-2017-6440 | 1 Libplist Project | 1 Libplist | 2023-12-10 | 1.9 LOW | 5.0 MEDIUM |
| The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. | |||||
| CVE-2014-9816 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. | |||||
| CVE-2017-3828 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). | |||||
| CVE-2016-6622 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-9457 | 1 Revive-adserver | 1 Revive Adserver | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others. | |||||
| CVE-2015-6035 | 1 Opsview | 1 Opsview | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Opsview before 2015-11-06 has XSS via SNMP. | |||||
| CVE-2017-8942 | 1 Yottamark Inc. | 1 Shopwell - Healthy Diet \& Grocery Food Scanner | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-6606 | 1 Cisco | 1 Ios Xe | 2023-12-10 | 6.9 MEDIUM | 6.4 MEDIUM |
| A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E. | |||||
| CVE-2016-7392 | 1 Autotrace Project | 1 Autotrace | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file. | |||||
| CVE-2017-0421 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637. | |||||
| CVE-2017-7378 | 1 Podofo Project | 1 Podofo | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. | |||||
| CVE-2016-4030 | 1 Samsung | 10 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S4 and 7 more | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
| Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301. | |||||
| CVE-2017-8458 | 1 Brave | 1 Brave | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site. | |||||
| CVE-2016-8916 | 1 Ibm | 1 Tivoli Storage Manager | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472. | |||||
| CVE-2017-7262 | 1 Amd | 1 Ryzen | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite. | |||||