Total
249088 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-9005 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. | |||||
CVE-2017-15249 | 1 Irfanview | 2 Irfanview, Pdf | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x00000000000668d6." | |||||
CVE-2017-14618 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. | |||||
CVE-2014-6027 | 1 Torrentflux Project | 1 Torrentflux | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details. | |||||
CVE-2017-17863 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact. | |||||
CVE-2017-14140 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR. | |||||
CVE-2017-16739 | 1 We-con | 2 Levistudio Hmi Editor, Levistudio Hmi Editor Firmware | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution. | |||||
CVE-2017-9613 | 1 Sap | 1 Successfactors | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. | |||||
CVE-2014-9969 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. | |||||
CVE-2014-8336 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement. | |||||
CVE-2017-13037 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). | |||||
CVE-2017-6320 | 1 Barracuda | 1 Load Balancer Adc | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. | |||||
CVE-2015-1866 | 1 Emberjs | 1 Ember.js | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2. | |||||
CVE-2017-10905 | 1 Qt | 1 Qt | 2023-12-10 | 6.8 MEDIUM | 5.3 MEDIUM |
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. | |||||
CVE-2017-13752 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2017-12586 | 1 Slims | 1 Akasia | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users. | |||||
CVE-2017-13671 | 1 Misp | 1 Misp | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. | |||||
CVE-2017-11133 | 1 Stashcat | 1 Heinekingmedia | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with math.random() in previous versions and with CryptoJS.lib.WordArray.random() in newer versions, which uses math.random() internally. This is not cryptographically strong. | |||||
CVE-2017-1858 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2017-10162 | 1 Oracle | 1 Siebel Core-server Framework | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Services). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel Core - Server Framework accessible data as well as unauthorized read access to a subset of Siebel Core - Server Framework accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). |