Total
249088 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17578 | 1 Crowdfunding Script Project | 1 Crowdfunding Script | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. | |||||
CVE-2015-9248 | 1 Skyboxsecurity | 1 Skybox Platform | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager. | |||||
CVE-2017-10207 | 1 Oracle | 1 Hospitality Simphony | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Utilities). The supported version that is affected is 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2017-10711 | 1 Simplerisk | 1 Simplerisk | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter. | |||||
CVE-2017-9628 | 1 Saia Burgess Controls | 2 Pcd Controllers, Pcd Controllers Firmware | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames with memory contents. | |||||
CVE-2017-7180 | 1 Eduiq | 1 Net Monitor For Employees | 2023-12-10 | 6.9 MEDIUM | 7.3 HIGH |
Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application. | |||||
CVE-2017-8570 | 1 Microsoft | 1 Office | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243. | |||||
CVE-2017-2075 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2017-12780 | 1 Matroska | 3 Libebml2, Mkclean, Mkvalidator | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file. | |||||
CVE-2017-14696 | 1 Saltstack | 1 Salt | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. | |||||
CVE-2018-2561 | 1 Oracle | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2017-5109 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. | |||||
CVE-2017-1884 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2017-6700 | 1 Cisco | 1 Prime Infrastructure | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24620 CSCvc49586. Known Affected Releases: 3.1(1) 2.0(4.0.45B). | |||||
CVE-2017-10771 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x0000000000000510." | |||||
CVE-2012-2805 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. | |||||
CVE-2017-14056 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops. | |||||
CVE-2016-9738 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. | |||||
CVE-2014-3471 | 1 Qemu | 1 Qemu | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices. | |||||
CVE-2017-4922 | 1 Vmware | 1 Vcenter Server | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted. |