Lucene search
+L

2244 matches found

OSV
OSV
added 2017/04/24 6:59 p.m.4 views

CVE-2017-5191

An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header...

6.1CVSS5.8AI score0.00679EPSS
Exploits0References2
CNVD
CNVD
added 2017/04/18 12:0 a.m.7 views

ARM Trusted Firmware Integer Overflow Vulnerability

ARM Trusted Firmware is a set of interface standards that provide an ARMv8-A secure software implementation. A security vulnerability exists in ARM Trusted Firmware versions 1.2 and 1.3. An attacker could exploit the vulnerability to copy larger data to secure memory...

5.9CVSS6.8AI score0.01598EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/13 12:0 a.m.5 views

Synology Photo Station Security Bypass Vulnerability

Synology Photo Station is a Synology solution for sharing pictures, videos and blogs over the Internet. A security bypass vulnerability exists in Synology Photo Station versions prior to 6.3-2958. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by sending an...

8.8CVSS7.6AI score0.01942EPSS
Exploits1References1
CNVD
CNVD
added 2017/04/12 12:0 a.m.3 views

SolarWinds Log and Event Manager Command Execution Vulnerability

SolarWinds Log and Event Manager LEM is a log and event manager from SolarWinds, Inc. that provides real-time log analysis, memory event correlation, and threat attack response. A security vulnerability exists in SolarWinds LEM versions prior to 6.3.1 Hotfix 4. An attacker can exploit the...

8.8CVSS7.3AI score0.02875EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/04/12 12:0 a.m.9 views

PT-2017-2348 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.3 Description: The issue is related to the mm subsystem in the Linux kernel, which does not properly enforce the CONFIG STRICT DEVMEM protection mechanism. This allows local users to read or write to kernel...

10CVSS7AI score0.84172EPSS
Exploits76References503
OSV
OSV
added 2017/04/10 7:59 p.m.2 views

CVE-2016-8235

Privilege escalation in Lenovo Customer Care Software Development Kit CCSDK versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges...

7.8CVSS5.9AI score0.00417EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2017/04/02 1:36 a.m.5 views

CVE-2017-2404

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016...

7.3AI score0.01436EPSS
Exploits0References4
CNVD
CNVD
added 2017/03/31 12:0 a.m.6 views

Apple iOS Pasteboard Component Key Encryption Vulnerability

Apple iOS is an operating system for mobile devices developed by Apple Inc. Pasteboard is a secure and standardized mechanism for exchanging data within and between applications. A security vulnerability exists in the Pasteboard component of Apple iOS versions prior to 10.3. An attacker could...

4.6CVSS6.3AI score0.00142EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/31 12:0 a.m.5 views

Apple iOS Accounts Component Authentication Prompt Vulnerability

Apple iOS is an operating system developed by Apple Inc. for mobile devices, and Accounts is one of the user account components. A security vulnerability exists in the Accounts component of Apple iOS versions prior to 10.3. The vulnerability can be exploited by an attacker to view an Apple ID fro...

2.4CVSS6.4AI score0.00369EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/31 12:0 a.m.7 views

Apple iOS DataAccess Component Input Validation Vulnerability

Apple iOS is a set of operating systems developed by Apple for mobile devices, of which DataAccess is a data access component. A security vulnerability exists in the DataAccess component in Apple iOS versions prior to 10.3. A remote attacker could exploit this vulnerability to access Exchange...

5.3CVSS6.4AI score0.01931EPSS
Exploits0References1
OSV
OSV
added 2017/03/30 5:59 p.m.1 views

CVE-2017-6182

In Sophos Web Appliance SWA before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304...

9.8CVSS5.8AI score0.16555EPSS
Exploits2References4
OSV
OSV
added 2017/03/27 10:59 p.m.5 views

CVE-2016-9737

IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1996200...

5.4CVSS5.4AI score0.00538EPSS
Exploits0References2
OSV
OSV
added 2017/03/27 3:59 p.m.3 views

CVE-2017-6878

Cross-site scripting XSS vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name2 parameter to admin/column/delete.php...

5.4CVSS5.9AI score0.00959EPSS
Exploits3References3
CNVD
CNVD
added 2017/03/21 12:0 a.m.5 views

Cagintranet Networks GetSimple CMS Information Disclosure Vulnerability

Cagintranet Networks GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A security vulnerability exists in Cagintranet Networks GetSimple CMS version 3.3....

5.3CVSS6.8AI score0.01178EPSS
Exploits1References1
OSV
OSV
added 2017/03/17 10:59 p.m.5 views

CVE-2017-3815

An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prio...

5.3CVSS5.8AI score0.01016EPSS
Exploits0References3
CNVD
CNVD
added 2017/03/13 12:0 a.m.4 views

Reflective cross-site scripting vulnerability in multiple parameters of DuoDuo Rebate System V8.3_UTF8 official version

DuoDuo rebate system is for e-commerce rebate, shopping guide to provide solutions, is the open source PHP rebate site system. DuoDuoRebate.com system V8.3UTF8 official version February 10, 2017 There is a reflective cross-site scripting vulnerability. Due to the code parameter , ddusername...

5.9AI score
Exploits0
OSV
OSV
added 2017/03/08 12:59 a.m.4 views

CVE-2017-6518

Cross-site scripting XSS vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the txtFrom parameter...

6.1CVSS5.9AI score0.00777EPSS
Exploits1References2
OSV
OSV
added 2017/03/06 2:59 a.m.4 views

DEBIAN-CVE-2017-6504

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...

6.1CVSS6.9AI score0.00673EPSS
Exploits0References1
OSV
OSV
added 2017/02/17 2:59 a.m.2 views

DEBIAN-CVE-2016-9139

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment...

6.1CVSS5.8AI score0.00816EPSS
Exploits0References1
OSV
OSV
added 2017/02/17 2:59 a.m.3 views

UBUNTU-CVE-2016-9139

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment...

6.1CVSS6.5AI score0.00816EPSS
Exploits0References4
Rows per page
Query Builder