Total
250637 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0493 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550. | |||||
| CVE-2016-9477 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
| CVE-2017-0339 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-27930566. References: N-CVE-2017-0339. | |||||
| CVE-2017-6181 | 1 Ruby-lang | 1 Ruby | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression. | |||||
| CVE-2015-6215 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | |||||
| CVE-2016-8880 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4516. Reason: This candidate is a duplicate of CVE-2011-4516. Notes: All CVE users should reference CVE-2011-4516 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
| CVE-2015-4673 | 1 Clip-bucket | 1 Clipbucket | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php. | |||||
| CVE-2017-7363 | 1 Lucidcrew | 1 Pixie | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. | |||||
| CVE-2016-10067 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow. | |||||
| CVE-2017-5865 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts. | |||||
| CVE-2017-0149 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037. | |||||
| CVE-2016-9395 | 1 Jasper Project | 1 Jasper | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | |||||
| CVE-2016-8097 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
| CVE-2017-7719 | 1 Web-dorado | 1 Spider Event Calendar | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php. | |||||
| CVE-2017-5875 | 1 Dotcms | 1 Dotcms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. | |||||
| CVE-2017-0329 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.18. Android ID:A-34115304. References: N-CVE-2017-0329. | |||||
| CVE-2016-9553 | 1 Sophos | 1 Web Appliance | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
| The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. The device doesn't properly escape the information passed in the variables 'unblockip' and 'blockip' before calling the shell_exec() function which allows for system commands to be injected into the device. The code erroneously suggests that the information handled is protected by utilizing the variable name 'escapedips' - however this was not the case. The Sophos ID is NSWA-1258. | |||||
| CVE-2015-2497 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | |||||
| CVE-2013-3169 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none | |||||
| CVE-2017-8914 | 1 Sap | 1 Hana Xs | 2023-12-10 | 7.5 HIGH | 8.3 HIGH |
| sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694. | |||||