Total
246910 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1000007 | 1 Twistedmatrix | 1 Txaws | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. | |||||
CVE-2017-1363 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856. | |||||
CVE-2017-15373 | 1 Softwarepublico | 1 E-sic | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). | |||||
CVE-2017-8536 | 1 Microsoft | 13 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 10 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. | |||||
CVE-2015-3933 | 1 Metalgenix | 1 Genixcms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. | |||||
CVE-2017-6638 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. The attacker would need valid user credentials to exploit this vulnerability. This vulnerability affects all Cisco AnyConnect Secure Mobility Client for Windows software versions prior to 4.4.02034. Cisco Bug IDs: CSCvc97928. | |||||
CVE-2017-16685 | 1 Sap | 1 Business Warehouse Universal Data Integration | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs. | |||||
CVE-2017-3218 | 1 Samsung | 1 Magician | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates. | |||||
CVE-2017-1249 | 1 Ibm | 1 Rhapsody Design Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2017-12293 | 1 Cisco | 1 Webex Meetings Server | 2023-12-10 | 5.0 MEDIUM | 8.6 HIGH |
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this vulnerability by opening multiple connections to the server and exhausting server resources. A successful exploit could cause the server to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf41006. | |||||
CVE-2017-9289 | 1 Note Project | 1 Note | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter). | |||||
CVE-2017-7930 | 1 Osisoft | 1 Pi Data Archive | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. | |||||
CVE-2017-2912 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2023-12-10 | 2.6 LOW | 5.9 MEDIUM |
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | |||||
CVE-2017-1953 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2017-5260 | 1 Cambiumnetworks | 10 Cnpilot E400, Cnpilot E400 Firmware, Cnpilot E410 and 7 more | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account. | |||||
CVE-2017-9336 | 1 Wp Editor.md Project | 1 Wp Editor.md | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post. | |||||
CVE-2017-10234 | 1 Oracle | 1 Solaris Cluster | 2023-12-10 | 4.4 MEDIUM | 7.3 HIGH |
Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). | |||||
CVE-2017-1319 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. | |||||
CVE-2017-16353 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. | |||||
CVE-2017-10406 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). |