Total
67319 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2643 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In Moodle 3.2.x, global search displays user names for unauthenticated users. | |||||
CVE-2016-7467 | 1 F5 | 1 Big-ip Access Policy Manager | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector. | |||||
CVE-2017-0548 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605. | |||||
CVE-2017-6437 | 1 Libplist Project | 1 Libplist | 2023-12-10 | 1.9 LOW | 5.0 MEDIUM |
The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file. | |||||
CVE-2016-9810 | 1 Gstreamer | 1 Gstreamer | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. | |||||
CVE-2016-7842 | 1 Hibara | 1 Attachecase | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. | |||||
CVE-2014-9853 | 6 Canonical, Imagemagick, Novell and 3 more | 11 Ubuntu Linux, Imagemagick, Leap and 8 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. | |||||
CVE-2017-7644 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541. | |||||
CVE-2017-2116 | 1 Cybozu | 1 Office | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. | |||||
CVE-2016-7111 | 1 Mantisbt | 1 Mantisbt | 2023-12-10 | 2.6 LOW | 4.7 MEDIUM |
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
CVE-2015-8750 | 1 Libdwarf Project | 1 Libdwarf | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. | |||||
CVE-2017-7387 | 1 Helpmewatchwho Project | 1 Helpmewatchwho | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter). | |||||
CVE-2017-3822 | 1 Cisco | 1 Firepower Threat Defense | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the following vulnerable products that have enabled FDM: ASA5506-X ASA5506W-X ASA5506H-X ASA5508-X ASA5516-X ASA5512-X ASA5515-X ASA5525-X ASA5545-X ASA5555-X. More Information: CSCvb86860. Known Affected Releases: FRANGELICO. Known Fixed Releases: 6.2.0. | |||||
CVE-2017-3456 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2016-9985 | 1 Ibm | 1 Cognos Business Intelligence | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671. | |||||
CVE-2017-0027 | 1 Microsoft | 3 Excel, Office Compatibility Pack, Sharepoint Server | 2023-12-10 | 2.6 LOW | 4.7 MEDIUM |
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | |||||
CVE-2016-9406 | 1 Mybb | 2 Merge System, Mybb | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-5212 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page. | |||||
CVE-2016-8795 | 1 Huawei | 12 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 9 more | 2023-12-10 | 7.1 HIGH | 5.9 MEDIUM |
Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset. | |||||
CVE-2016-5364 | 1 Mantisbt | 1 Mantisbt | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. |