4558 matches found

OSV
added 2017/07/13 3:29 p.m. · 2 views

CVE-2016-8951

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that could log out users and flood user accounts with emails. IBM X-Force ID: 118838...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 3

OpenVAS
added 2017/07/12 12:0 a.m. · 35 views

Microsoft Office Remote Code Execution Vulnerability - Mac OS X (KB3212224)

This host is missing an important security update according to Microsoft KB3212224. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

CVSS 9.3 · AI score 7.5 · EPSS 0.22504
Exploits 0 · References 2

OSV
added 2017/07/07 1:29 p.m. · 3 views

CVE-2017-2144

Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page...

CVSS 5.4 · AI score 5.8 · EPSS 0.00849
Exploits 0 · References 2

OSV
added 2017/07/07 1:29 p.m. · 2 views

CVE-2017-2146

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu...

CVSS 4.8 · AI score 5.9
Exploits 0 · References 2

OSV
added 2017/06/27 4:29 p.m. · 2 views

CVE-2017-1328

IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID:...

CVSS 5.3 · AI score 5.8 · EPSS 0.01741
Exploits 0 · References 3

CNVD
added 2017/06/23 12:0 a.m. · 5 views

IBM WebSphere MQ Denial of Service Vulnerability (CNVD-2017-13819)

IBM MQ (formerly known as IBM WebSphere MQ) is a messaging middleware product from IBM. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). A denial of service vulnerability exists in IBM MQ versions 8.0.0.0 through 8.0.0.5, 9.0.1, and...

CVSS 5.3 · AI score 6.6 · EPSS 0.01134
Exploits 0 · References 1

Broadcom
added 2017/06/23 12:0 a.m. · 7 views

BSA-2017-317

Security Advisory ID: BSA-2017-317. Component: Apache Tomcat. Revision: 2.0: Interim. In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was...

CVSS 9.8 · AI score 8.6 · EPSS 0.07752
Exploits 0

CNVD
added 2017/06/21 12:0 a.m. · 2 views

c-ares NAPTR parser out-of-bounds access vulnerability

c-ares is a C library for asynchronous execution of DNS requests and name resolution. A security vulnerability exists in c-ares versions 1.8.0 through 1.12.0. An attacker could exploit the vulnerability to obtain sensitive information or cause a denial of service...

CVSS 7.5 · AI score 6.8 · EPSS 0.0331
Exploits 0 · References 1

Positive Technologies
added 2017/06/18 12:0 a.m. · 7 views

PT-2017-2282 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.11.5; Linux Kernel versions 2.6.23 through 4.11.5. Description: The issue is related to the implementation of the Stack Guard-Page mechanism in the Linux Kernel, which does not properly check the values of...

CVSS 10 · AI score 7.3 · EPSS 0.52189
Exploits 109 · References 873

CNVD
added 2017/05/31 12:0 a.m. · 2 views

Eclipse Mosquitto Security Bypass Vulnerability

Eclipse Mosquitto is an open source messaging agent software from the Eclipse Foundation. A security bypass vulnerability exists in Eclipse Mosquitto versions 0.15 through 1.4.11. An attacker can exploit this vulnerability to bypass security restrictions and perform unauthorized operations...

CVSS 6.5 · AI score 6.9 · EPSS 0.02472
Exploits 2 · References 1

OSV
added 2017/05/12 3:29 p.m. · 0 views

UBUNTU-CVE-2017-0597

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally...

CVSS 7.8 · AI score 7.5 · EPSS 0.0063
Exploits 0 · References 3

OSV
added 2017/05/11 1:29 a.m. · 1 views

DEBIAN-CVE-2017-8798

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact...

CVSS 9.8 · AI score 7.5 · EPSS 0.24027
Exploits 6 · References 1

CNVD
added 2017/04/27 12:0 a.m. · 2 views

Joomla! cross-site scripting vulnerability (CNVD-2017-06582)

Joomla! is an open source, cross-platform content management system (CMS) developed in PHP and MySQL by the U.S. Open Source Matters team. A cross-site scripting vulnerability exists in Joomla! versions 1.5.0 through 3.6.5. The vulnerability arises due to insufficient filtering of...

CVSS 6.1 · AI score 6.5 · EPSS 0.00787
Exploits 2 · References 1

CNVD
added 2017/04/26 12:0 a.m. · 1 views

F5 SSL Intercept iApp Command Execution Vulnerability

F5 SSL Intercept iApp is a set of templates from the U.S. company F5 for configuring security appliances to decrypt outbound SSL traffic in LTM. A security vulnerability exists in F5 SSL Intercept iApp versions 1.5.0 through 1.5.7. A remote attacker could exploit the vulnerability to modify the BIG-IP...

CVSS 9.8 · AI score 6.9 · EPSS 0.03776
Exploits 0 · References 1

OSV
added 2017/04/24 12:0 a.m. · 1 views

UBUNTU-CVE-2017-3331

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 6.5 · AI score 7.2 · EPSS 0.03649
Exploits 0 · References 4

CNVD
added 2017/04/05 12:0 a.m. · 2 views

IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2017-05154)

IBM Cognos Analytics (formerly known as Cognos BI) is a suite of business intelligence software from the American company IBM. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing key factors and key stakeholders. A cross-site...

CVSS 5.4 · AI score 6.4 · EPSS 0.00516
Exploits 0 · References 1

Positive Technologies
added 2017/04/05 12:0 a.m. · 6 views

PT-2017-4061

Name of the Vulnerable Software and Affected Versions: jackson-databind versions prior to 2.6.7.1; jackson-databind versions prior to 2.7.9.1; jackson-databind versions prior to 2.8.9; jackson-databind versions 2.0.0 through 2.9.5. Description: A deserialization flaw in the jackson-databind library is...

CVSS 9.8 · AI score 9.1 · EPSS 0.49952
Exploits 7 · References 170

OSV
added 2017/04/04 5:59 p.m. · 2 views

ALPINE-CVE-2017-7234

A maliciously crafted URL to a Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 site using the django.views.static.serve view could redirect to any other domain, aka an open redirect vulnerability...

CVSS 6.1 · AI score 6.7 · EPSS 0.0183
Exploits 1 · References 1

vulnersOsv
added 2017/03/27 5:59 p.m. · 0 views

atlassian-jwt-auth (>=1.0.9 <=2.8.0), cloudmesh-client (>=4.2.6 <=4.4.0) +44 more potentially affected by CVE-2016-9243 via cryptography (>=0.6.1 <=1.5.2)

cryptography PYPI version =0.6.1, =1.0.9, =4.2.6, =0.9.5, =0.0.1, =0.0.1, =1.1.1, =1.0.2, =1.0.2, =1.0.2, =0.0.1, =0.0.1, =1.0.2, =1.0.3 and more Source cves: CVE-2016-9243 Source advisory: OSV:PYSEC-2017-8...

CVSS 7.5 · AI score 6.7 · EPSS 0.03399
Exploits 0

OSV
added 2017/03/21 6:59 p.m. · 0 views

UBUNTU-CVE-2017-7214

An issue was discovered in exceptionwrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens...

CVSS 9.8 · AI score 6.9 · EPSS 0.02283
Exploits 0 · References 2