Total
250331 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-7279 | 1 Kankunit | 2 Konke Smart Plug, Konke Smart Plug Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. | |||||
CVE-2017-7885 | 1 Artifex | 1 Jbig2dec | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file. | |||||
CVE-2016-9751 | 1 Piwigo | 1 Piwigo | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
CVE-2017-0891 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. | |||||
CVE-2016-5934 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2023-12-10 | 6.9 MEDIUM | 7.3 HIGH |
IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim. | |||||
CVE-2017-3036 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX (picture exchange) file format. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2016-9228 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
CVE-2017-5979 | 1 Zziplib Project | 1 Zziplib | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. | |||||
CVE-2016-2128 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
CVE-2017-4982 | 1 Emc | 1 Mainframe Enablers Resourcepak Base | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
CVE-2009-3682 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none | |||||
CVE-2017-5988 | 1 Netapp | 1 Clustered Data Ontap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. | |||||
CVE-2016-9777 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 6.9 MEDIUM | 7.8 HIGH |
KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h. | |||||
CVE-2017-0885 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages. | |||||
CVE-2016-8652 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username. | |||||
CVE-2014-8974 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | |||||
CVE-2017-7994 | 1 Podofo Project | 1 Podofo | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||||
CVE-2016-4686 | 1 Apple | 1 Iphone Os | 2023-12-10 | 3.6 LOW | 4.4 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation. | |||||
CVE-2017-3485 | 1 Oracle | 1 Flexcube Universal Banking | 2023-12-10 | 4.9 MEDIUM | 6.8 MEDIUM |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 6.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H). | |||||
CVE-2016-1161 | 1 Zohocorp | 1 Password Manager Pro | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH |
Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). |