VIR Vulnerability Intelligence Relay

Search

Found 2,732 results in 937ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-15374 medium 6.1 7.1 EXP shopware 9y ago Shopware XSS Vulnerability
CVE-2017-15014 medium 4.3 5.3 EXP opentext 9y ago OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardl…
CVE-2017-11823 medium 6.7 7.7 EXP windows windows 9y ago The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microso…
CVE-2017-11785 medium 5.5 6.5 EXP windows windows 9y ago The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1…
CVE-2017-15287 medium 6.1 7.1 EXP bouqueteditor_project 9y ago There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
CVE-2017-15284 medium 5.4 6.4 EXP octobercms 9y ago OctoberCMS Cross-Site Scripting
CVE-2015-2145 medium 4.8 5.8 EXP phpbugtracker_project 9y ago Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2017-15084 medium 6.5 7.5 EXP rapid7 9y ago The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
CVE-2017-14085 medium 5.3 6.3 EXP trendmicro 9y ago Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version a…
CVE-2017-14494 medium 5.9 6.9 EXPFIX arch arch slesdebian debian thekelleys 9y ago dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
CVE-2017-14955 medium 5.9 6.9 EXP checkmk 9y ago Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GU…
CVE-2017-14939 medium 5.5 6.5 EXPFIX debian debian sles gnu 9y ago decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a d…
CVE-2017-14620 medium 6.1 7.1 EXP smartertools 9y ago SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
CVE-2017-14841 medium 6.5 7.5 EXP dasinfomedia 9y ago Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
CVE-2015-4668 medium 6.1 7.1 EXP xceedium 9y ago Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
CVE-2017-14717 medium 5.4 6.4 EXP telaxius 9y ago In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.
CVE-2017-14712 medium 5.4 6.4 EXP telaxius 9y ago In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.
CVE-2017-14619 medium 6.1 7.1 EXP phpmyfaq 9y ago Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
CVE-2017-14618 medium 4.8 5.8 EXP phpmyfaq 9y ago Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
CVE-2015-7347 medium 4.8 5.8 EXP zcms_project 9y ago Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.
CVE-2015-2826 medium 5.3 6.3 EXP simple_ads_manager_project 9y ago WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
CVE-2015-4072 medium 5.4 6.4 EXP helpdesk_pro_project 9y ago Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and m…
CVE-2015-4684 medium 6.5 7.5 EXP polycom 9y ago Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modi…
CVE-2015-4682 medium 6.5 7.5 EXP polycom 9y ago Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
CVE-2014-9610 medium 5.3 6.3 EXP netsweeper 9y ago Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user…
CVE-2017-14489 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 9y ago The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.
CVE-2017-0785 medium 6.5 7.5 EXP 9y ago A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
CVE-2017-8708 medium 4.7 5.7 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W…
CVE-2017-8687 medium 5.5 6.5 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W…
CVE-2017-8685 medium 5.5 6.5 EXP windows windows 9y ago Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure…
CVE-2017-8684 medium 5.5 6.5 EXP windows windows 9y ago Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses ke…
CVE-2017-8683 medium 5.5 6.5 EXP windows windows 9y ago Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Serve…
CVE-2017-8681 medium 5.5 6.5 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W…
CVE-2017-8680 medium 5.5 6.5 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerab…
CVE-2017-8678 medium 5.5 6.5 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W…
CVE-2017-8918 medium 5.5 6.5 EXP blackwave 9y ago XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.
CVE-2017-3133 medium 6.1 7.1 EXP 9y ago A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
CVE-2017-3132 medium 6.1 7.1 EXP 9y ago A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToke…
CVE-2017-3131 medium 5.4 6.4 EXP 9y ago A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under …
CVE-2017-9095 medium 5.5 6.5 EXP divinglog 9y ago XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.
CVE-2017-14219 medium 6.1 7.1 EXP 9y ago XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSu…
CVE-2017-13754 medium 5.4 6.4 EXP wibu 9y ago Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the …
CVE-2017-1130 medium 6.5 7.5 EXP ibm 9y ago IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and h…
CVE-2017-1129 medium 6.5 7.5 EXP ibm 9y ago IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 1213…
CVE-2017-14126 medium 6.1 7.1 EXP xnau 9y ago The Participants Database plugin before 1.7.5.10 for WordPress has XSS.
CVE-2017-14117 medium 5.9 6.9 EXP 9y ago The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows rem…
CVE-2017-3898 medium 5.9 6.9 EXP mcafee 9y ago A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registr…
CVE-2014-8677 medium 5.3 6.3 EXP soplanning 9y ago The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create a…
CVE-2014-8676 medium 5.3 6.3 EXP soplanning 9y ago Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL pa…
CVE-2016-10504 medium 6.5 7.5 EXPFIX slesdebian debian uclouvain 9y ago Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp f…
CVE-2017-9979 medium 6.1 7.1 EXP osnexus 9y ago On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to…
CVE-2017-9978 medium 5.3 6.3 EXP osnexus 9y ago On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this infor…
CVE-2017-12954 medium 6.5 7.5 EXPFIX debian debian libgig0 9y ago The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
CVE-2017-12953 medium 6.5 7.5 EXPFIX debian debian libgig0 9y ago The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
CVE-2017-12952 medium 6.5 7.5 EXPFIX debian debian libgig0 9y ago The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12951 medium 6.5 7.5 EXPFIX debian debian libgig0 9y ago The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a craft…
CVE-2017-12950 medium 6.5 7.5 EXPFIX debian debian linuxsampler 9y ago The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-9640 medium 6.3 7.3 EXP automatedlogiccarrier 9y ago A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC …
CVE-2015-7896 medium 6.5 7.5 EXP 9y ago LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
CVE-2017-12971 medium 6.1 7.1 EXP apache2triad 9y ago Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php.
CVE-2017-12984 medium 6.1 7.1 EXP phpmywind 9y ago PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.
CVE-2015-4071 medium 5.3 6.3 EXP helpdesk_pro_project 9y ago The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/…
CVE-2017-9767 medium 5.4 6.4 EXP quali 9y ago Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter …
CVE-2017-11664 medium 6.5 7.5 EXPFIX debian debian mindwerks 9y ago The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
CVE-2017-11663 medium 6.5 7.5 EXPFIX debian debian mindwerks 9y ago The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
CVE-2014-5144 medium 5.4 6.4 EXP telescopeapp 9y ago Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown.
CVE-2017-8652 medium 6.5 7.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi…
CVE-2017-8644 medium 4.3 5.3 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi…
CVE-2017-10046 medium 5.4 6.4 EXP oracle 9y ago Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 1…
CVE-2015-7855 medium 6.5 7.5 EXPFIX debian debian ntpnetapp 9y ago The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a l…
CVE-2017-11320 medium 6.1 7.1 EXP 9y ago Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.
CVE-2017-11356 medium 6.5 7.5 EXP pega 9y ago The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by lever…
CVE-2017-11355 medium 6.1 7.1 EXP pega 9y ago Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) …
CVE-2017-11552 medium 6.5 7.5 EXPFIX debian debian underbit 9y ago mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decode…
CVE-2017-11548 medium 5.5 6.5 EXP slesdebian debian xiph 9y ago The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.
CVE-2017-11359 medium 5.5 6.5 EXPFIX arch archdebian debian sound_exchange_project 9y ago The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conve…
CVE-2017-11358 medium 5.5 6.5 EXPFIX slesarch archdebian debian sound_exchange_project 9y ago The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
CVE-2017-11333 medium 5.5 6.5 EXPFIX arch arch slesdebian debian xiph.org 9y ago The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
CVE-2017-11332 medium 5.5 6.5 EXPFIX arch archdebian debian sound_exchange_project 9y ago The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.
CVE-2017-11331 medium 5.5 6.5 EXPFIX arch arch slesdebian debian xiph 9y ago The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.
CVE-2017-11330 medium 5.5 6.5 EXP divfix 9y ago The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in DivFix++ v0.34 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted avi fil…
CVE-2017-9412 medium 5.5 6.5 EXPFIX arch archdebian debian lame_project 9y ago The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.
CVE-2017-9260 medium 5.5 6.5 EXPFIX debian debian surina 9y ago The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application c…
CVE-2017-9259 medium 5.5 6.5 EXPFIX debian debian surina 9y ago The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application cra…
CVE-2017-9258 medium 5.5 6.5 EXPFIX debian debian surina 9y ago The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wa…
CVE-2015-5594 medium 6.1 7.1 EXP zenphoto 9y ago The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a…
CVE-2017-9554 medium 5.3 6.3 EXP 9y ago An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
CVE-2017-7064 medium 5.5 6.5 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe…
CVE-2017-9813 medium 6.1 7.1 EXP kaspersky 9y ago In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site sc…
CVE-2017-8564 medium 5.5 6.5 EXP windows windows 9y ago Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server …
CVE-2017-7950 medium 5.5 6.5 EXP gonitro 9y ago Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file.
CVE-2017-10803 medium 6.5 7.5 EXPFIX debian debian odoo 9y ago In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated pr…
CVE-2015-7898 medium 5.5 6.5 EXP 9y ago Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
CVE-2015-7895 medium 5.5 6.5 EXP 9y ago Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
CVE-2017-9936 medium 6.5 7.5 EXPFIX slesdebian debianubuntu ubuntu libtiff 9y ago In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
CVE-2017-9869 medium 5.5 6.5 EXPFIX arch archdebian debian lame_project 9y ago The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application cr…
CVE-2017-3631 medium 5.3 6.3 EXP 9y ago Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privilege…
CVE-2017-3630 medium 5.3 6.3 EXP 9y ago Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low pri…
CVE-2017-7918 medium 6.8 7.8 EXP 9y ago An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups u…
CVE-2017-9130 medium 5.5 6.5 EXPFIX debian debian freeware_advanced_audio_coder_project 9y ago The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted…