Total
250331 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6601 | 1 Zohocorp | 1 Webnms Framework | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile. | |||||
CVE-2017-0144 | 1 Microsoft | 9 Server Message Block, Windows 10, Windows 7 and 6 more | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | |||||
CVE-2016-6648 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system. | |||||
CVE-2016-7696 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
CVE-2006-4703 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none | |||||
CVE-2017-6642 | 1 Cisco | 1 Remote Expert Manager | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52856. | |||||
CVE-2016-7939 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions. | |||||
CVE-2016-0721 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
Session fixation vulnerability in pcsd in pcs before 0.9.157. | |||||
CVE-2016-5035 | 1 Libdwarf Project | 1 Libdwarf | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
CVE-2017-2128 | 1 Information-technology Promotion Agency | 1 Introduction To Safe Website Operation | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. | |||||
CVE-2016-2710 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
CVE-2016-8321 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
CVE-2017-2533 | 1 Apple | 1 Mac Os X | 2023-12-10 | 7.6 HIGH | 7.0 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2017-6059 | 1 Openidc | 1 Mod Auth Openidc | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request. | |||||
CVE-2017-6550 | 1 Kinsey | 1 Infor-lawson | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData. | |||||
CVE-2016-1876 | 1 Lenovo | 1 Solution Center | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. | |||||
CVE-2017-7485 | 1 Postgresql | 1 Postgresql | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. | |||||
CVE-2016-7463 | 1 Vmware | 1 Esxi | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM. | |||||
CVE-2017-3246 | 1 Oracle | 1 Application Object Library | 2023-12-10 | 3.2 LOW | 6.0 MEDIUM |
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Object Library executes to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS v3.0 Base Score 6.0 (Confidentiality and Integrity impacts). | |||||
CVE-2017-7850 | 1 Tenable | 1 Nessus | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. |