Total
249940 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9569 | 1 Citizensbanktx | 1 Cbtx On The Go | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-7029 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
| CVE-2017-16784 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | |||||
| CVE-2017-11872 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874. | |||||
| CVE-2017-0896 | 1 Zulip | 1 Zulip Server | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this. | |||||
| CVE-2017-12214 | 1 Cisco | 1 Unified Customer Voice Portal | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752. | |||||
| CVE-2014-9312 | 1 10web | 1 Photo Gallery | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. | |||||
| CVE-2017-6324 | 1 Symantec | 1 Messaging Gateway | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
| The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application. | |||||
| CVE-2017-1560 | 1 Ibm | 1 Rational Doors Next Generation | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131759. | |||||
| CVE-2017-2275 | 1 Sony | 2 Wg-c10, Wg-c10 Firmware | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
| WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-12630 | 1 Apache | 1 Drill | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards. | |||||
| CVE-2018-2566 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2023-12-10 | 4.0 MEDIUM | 7.7 HIGH |
| Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Difficult to exploit vulnerability allows low privileged attacker with network access via TLS to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized access to critical data or complete access to all Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N). | |||||
| CVE-2016-8731 | 1 Foscam | 2 C1 Webcam, C1 Webcam Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. | |||||
| CVE-2017-13876 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-14302 | 1 Stdutility | 1 Stdu Viewer | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllGetClassObject+0x00000000000064d7." | |||||
| CVE-2017-12794 | 1 Djangoproject | 1 Django | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings. | |||||
| CVE-2017-11367 | 1 Shoco Project | 1 Shoco | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data. | |||||
| CVE-2017-12982 | 1 Uclouvain | 1 Openjpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. | |||||
| CVE-2017-13872 | 1 Apple | 1 Mac Os X | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name. | |||||
| CVE-2017-15053 | 1 Teampass | 1 Teampass | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_role" on roles.queries.php. | |||||