VIR Vulnerability Intelligence Relay

Search

Found 2,911 results in 468ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-9554 medium 5.3 6.3 EXP 9y ago An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
CVE-2017-7064 medium 5.5 6.5 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe…
CVE-2017-9813 medium 6.1 7.1 EXP kaspersky 9y ago In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site sc…
CVE-2017-8564 medium 5.5 6.5 EXP windows windows 9y ago Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server …
CVE-2017-7950 medium 5.5 6.5 EXP gonitro 9y ago Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file.
CVE-2017-10803 medium 6.5 7.5 EXPFIX debian debian odoo 9y ago In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated pr…
CVE-2015-7898 medium 5.5 6.5 EXP 9y ago Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
CVE-2015-7895 medium 5.5 6.5 EXP 9y ago Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
CVE-2017-9936 medium 6.5 7.5 EXPFIX slesdebian debianubuntu ubuntu libtiff 9y ago In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
CVE-2017-9869 medium 5.5 6.5 EXPFIX arch archdebian debian lame_project 9y ago The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application cr…
CVE-2017-3631 medium 5.3 6.3 EXP 9y ago Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privilege…
CVE-2017-3630 medium 5.3 6.3 EXP 9y ago Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low pri…
CVE-2017-7918 medium 6.8 7.8 EXP 9y ago An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups u…
CVE-2017-9130 medium 5.5 6.5 EXPFIX debian debian freeware_advanced_audio_coder_project 9y ago The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted…
CVE-2017-9129 medium 5.5 6.5 EXPFIX debian debian audiocoding 9y ago The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (large loop) via a crafted wav file.
CVE-2017-1000373 medium 6.5 7.5 EXP freebsd freebsd 9y ago The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allo…
CVE-2017-8550 medium 5.4 6.4 EXP microsoft 9y ago A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
CVE-2017-8492 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8491 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8490 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8489 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8488 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8485 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8484 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen…
CVE-2017-8483 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8482 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8481 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8480 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8479 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8478 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8477 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen…
CVE-2017-8476 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8473 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafte…
CVE-2017-8472 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initiali…
CVE-2017-8471 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen…
CVE-2017-8470 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen…
CVE-2017-8469 medium 5.5 6.5 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an…
CVE-2017-8462 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-0300 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-0299 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-0289 medium 5.0 6.0 EXP windows windows microsoft 9y ago Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper…
CVE-2017-0288 medium 5.0 6.0 EXP windows windows microsoft 9y ago Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper…
CVE-2017-0287 medium 5.0 6.0 EXP windows windows microsoft 9y ago Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper…
CVE-2017-0286 medium 5.0 6.0 EXP windows windows microsoft 9y ago Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper…
CVE-2017-0285 medium 5.0 6.0 EXP windows windows microsoft 9y ago Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office …
CVE-2017-0284 medium 5.0 6.0 EXP windows windows microsoft 9y ago Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office …
CVE-2017-0282 medium 5.0 6.0 EXP windows windows microsoft 9y ago Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office …
CVE-2017-9128 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 …
CVE-2017-9127 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted …
CVE-2017-9126 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
CVE-2017-9125 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.
CVE-2017-9124 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
CVE-2017-9123 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVE-2017-9122 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
CVE-2017-8871 medium 6.5 7.5 EXP slessuse suse gnome 9y ago The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
CVE-2017-9516 medium 5.4 6.4 EXP craftcms 9y ago Craft CMS XSS Vulnerability
CVE-2017-4905 medium 5.5 6.5 EXP macos macos vmware 9y ago VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch …
CVE-2016-9834 medium 6.1 7.1 EXP 9y ago An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is …
CVE-2017-8840 medium 5.3 6.3 EXP 9y ago Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request t…
CVE-2017-8839 medium 6.1 7.1 EXP 9y ago XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/p…
CVE-2017-8838 medium 6.1 7.1 EXP 9y ago XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/H…
CVE-2017-1000367 medium 6.4 7.4 EXPFIX slesarch archdebian debian sudo_project 9y ago Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
CVE-2017-8537 medium 5.5 6.5 EXP windows windows microsoft 9y ago The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and…
CVE-2017-8536 medium 5.5 6.5 EXP windows windows microsoft 9y ago The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and…
CVE-2017-8535 medium 5.5 6.5 EXP windows windows microsoft 9y ago The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and…
CVE-2017-9150 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 9y ago The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which all…
CVE-2017-9147 medium 6.5 7.5 EXPFIX slesdebian debian libtiff 9y ago LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.
CVE-2017-4916 medium 6.5 7.5 EXP vmware 9y ago VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privilege…
CVE-2017-6982 medium 5.5 6.5 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app.
CVE-2017-2528 medium 6.1 7.1 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un…
CVE-2017-2516 medium 5.0 6.0 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c…
CVE-2017-2510 medium 6.1 7.1 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un…
CVE-2017-2509 medium 5.5 6.5 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c…
CVE-2017-2508 medium 6.1 7.1 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un…
CVE-2017-2504 medium 6.1 7.1 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-7620 medium 6.5 7.5 EXP mantisbt 9y ago MantisBT vulnerable to CSRF and Open Redirect attacks
CVE-2017-8382 medium 4.5 5.5 EXP admidio 9y ago admidio CSRF Vulnerability
CVE-2017-7953 medium 5.4 6.4 EXP infor 9y ago INFOR EAM V11.0 Build 201410 has XSS via comment fields.
CVE-2017-0259 medium 4.7 5.7 EXP windows windows 9y ago The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive info…
CVE-2017-0258 medium 4.7 5.7 EXP windows windows 9y ago The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server …
CVE-2017-0245 medium 4.7 5.7 EXP windows windows 9y ago The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain ker…
CVE-2017-0220 medium 4.7 5.7 EXP windows windows 9y ago The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, …
CVE-2017-0175 medium 4.7 5.7 EXP windows windows 9y ago The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Inform…
CVE-2017-7472 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 9y ago The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring cal…
CVE-2017-8295 medium 5.9 6.9 EXPFIX debian debian wordpress 9y ago WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?ac…
CVE-2016-5810 medium 4.9 5.9 EXP advantech 9y ago upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.
CVE-2016-5063 medium 5.3 6.3 EXP bmc 9y ago The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vecto…
CVE-2017-5631 medium 6.1 7.1 EXP kmc_information_systems 9y ago An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string.
CVE-2017-3548 medium 6.5 7.5 EXP oracle 9y ago Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "expl…
CVE-2017-3546 medium 6.5 7.5 EXP oracle 9y ago Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily "…
CVE-2017-3528 medium 5.4 6.4 EXP oracle 9y ago Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.…
CVE-2015-0107 medium 6.5 7.5 EXP ibm 9y ago IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol…
CVE-2017-7938 medium 6.6 7.6 EXPFIX debian debian mor-pah.net 9y ago Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other i…
CVE-2017-7896 medium 6.1 7.1 EXP trendmicro 9y ago Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
CVE-2015-8256 medium 6.1 7.1 EXP 9y ago Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.
CVE-2016-5312 medium 6.5 7.5 EXP symantec 9y ago Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn paramete…
CVE-2016-5310 medium 5.5 6.5 EXP broadcomsymantec 9y ago The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec …
CVE-2016-5309 medium 5.5 6.5 EXP broadcomsymantec 9y ago The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec …
CVE-2017-7457 medium 5.0 6.0 EXP moxa 9y ago XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
CVE-2017-7725 medium 6.1 7.1 EXP concretecms 9y ago Concrete CMS vulnerable to cross-site scripting (XSS)