765 matches found
CVE-2017-6658
Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem...
USN-3240-1 nvidia-graphics-drivers-304, nvidia-graphics-drivers-340, nvidia-graphics-drivers-375 vulnerability
It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service...
CVE-2017-6402
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur...
Unspecified Vulnerability in Oracle FLEXCUBE Universal Banking (CNVD-2017-00949)
Oracle FLEXCUBE Universal Banking is the United States Oracle Oracle company's set of real-time, online coverage of retail, group, investment banking, a comprehensive solution. The program supports multi-currency, multi-language and multi-entity operations. A remote security vulnerability exists ...
Red Hat OpenShift Enterprise Remote Denial of Service Vulnerability
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications.OpenShift Enterprise is an open source version of the private cloud. A remote denial of service vulnerability exists in Red Hat OpenShift Enterprise...
Stored Cross-Site Scripting Vulnerability in 50CMS V3.0
50CMS is an open source content management system for software developers, program enthusiasts, and web designers. A stored cross-site scripting vulnerability exists in 50CMS V3.0. Due to the lack of security filtering of form inputs, an attacker can exploit the vulnerability to write arbitrary...
CVE-2016-6418
Cross-site scripting XSS vulnerability in Cisco Videoscape Distribution Suite Service Manager VDS-SM 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCva14552...
CVE-2016-6645
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the 1 GeneralCmdRequest, 2 PersistantDataRequest, or 3...
PT-2020-6949 · Zabbix +4 · Zabbix +4
Name of the Vulnerable Software and Affected Versions: Zabbix versions 3.0.0 through 3.0.32rc1 Zabbix versions 4.0.0 through 4.0.22rc1 Zabbix versions 4.1.x through 4.4.x before 4.4.10rc1 Zabbix versions 5.x before 5.0.2rc1 Description: The issue is related to the lack of protection of the web pa...
CVE-2016-3468
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install...
Unspecified Vulnerability in Oracle Fusion Middleware Business GlassFish Server
Oracle Fusion Middleware is a comprehensive middleware portfolio of SOA and middleware products. A security vulnerability exists in Oracle Fusion Middleware versions 2.1.1, 3.0.1, GlassFish Server component, which can be exploited by remote attackers to compromise confidentiality...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05391)
Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier, which can be exploited by an authenticated, local attacker to affect availability...
LOCKON EC-CUBE Access Privilege Vulnerability (CNVD-2016-02686)
LOCKON EC-CUBE is an open source e-commerce website building platform developed by Japan LOCKON Co. The platform supports product login, user evaluation, artwork layout and so on. An access privilege vulnerability exists in LOCKON EC-CUBE versions 3.0.0 through 3.0.9. A remote attacker can exploi...
LOCKON EC-CUBE Cross-Site Request Forgery Vulnerability (CNVD-2016-02684)
LOCKON EC-CUBE is an open source e-commerce website building platform developed by Japan LOCKON Co. The platform supports product login, user evaluation, artwork layout and so on. A cross-site request forgery vulnerability exists in LOCKON EC-CUBE versions 3.0.0 through 3.0.9. An attacker can...
PHPBack SQL Injection Vulnerability
PHPback is an open source web application feedback system that provides users with feedback on issues and suggestions to help improve the site. A SQL injection vulnerability exists in the 'orderby' parameter in PHPBack version 3.0. Allow attackers to exploit the vulnerability to modify the conten...
CVE-2016-0147
Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."...
Cisco ACE 4710 Application Control Engine Command Injection Vulnerability
Cisco ACE 4710 Application Control Engine is the United States Cisco Cisco a set of ACE application switch series and used to increase the security and stability of data center applications load balancing and application delivery solutions. A command injection vulnerability exists in the Cisco AC...
Microsoft Active Directory Federated Authentication Service Denial of Service Vulnerability
Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. Microsoft Active Directory Federation Services ADFS is an Active Directory Federation Service that runs on Windows systems. The service provides Web Single Sign-On SSO technology, which enables...
PT-2017-6869 · Project Jupyter +3 · Python +3
Name of the Vulnerable Software and Affected Versions: IPython versions 2.0 through 2.4.0 IPython versions 3.0 through 3.2.2 Description: Cross-site request forgery in the REST API is possible. IPython is a command shell, and this issue affects its REST API. Recommendations: For IPython versions...
Cisco TelePresence Collaboration Desk and Room Endpoints TC Software Open Redirect Vulnerability
Cisco TelePresence is a telepresence conferencing solution developed by Cisco. An open redirection vulnerability exists in the login page of Cisco TC Software versions prior to 6.3-26 and prior to 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints appliances, which could allow an...