CVE Daily
← All years

Uncategorized 2017

Page 19/20.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2017-01-27
High

CVE-2017-3290

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Ea…

CVSS: 7.9CWE: N/A
Read more
Critical

CVE-2017-3289

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily…

CVSS: 9.6CWE: N/A
Read more
High

CVE-2017-3287

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.…

CVSS: 8.2CWE: N/A
Read more
Medium

CVE-2017-3286

Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily…

CVSS: 6.0CWE: N/A
Read more
High

CVE-2017-3285

Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2CWE: N/A
Read more
High

CVE-2017-3284

Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2CWE: N/A
Read more
Medium

CVE-2017-3282

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12…

CVSS: 4.7CWE: N/A
Read more
Medium

CVE-2017-3281

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12…

CVSS: 4.7CWE: N/A
Read more
High

CVE-2017-3279

Vulnerability in the Oracle Leads Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitabl…

CVSS: 8.2CWE: N/A
Read more
High

CVE-2017-3278

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Request Confirmation). The supported version that is affected is 12.1.3. Easily exploitable vuln…

CVSS: 8.2CWE: N/A
Read more
Medium

CVE-2017-3276

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver). The supported version that is affected is 11.3. Difficult to exploit…

CVSS: 5.7CWE: N/A
Read more
High

CVE-2017-3275

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 a…

CVSS: 8.2CWE: N/A
Read more
High

CVE-2017-3274

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 a…

CVSS: 8.2CWE: N/A
Read more
Critical

CVE-2017-3272

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111…

CVSS: 9.6CWE: N/A
Read more
High

CVE-2017-3271

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitab…

CVSS: 8.6CWE: N/A
Read more
High

CVE-2017-3270

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitabl…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2017-3269

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitabl…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2017-3268

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitabl…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2017-3267

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitabl…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2017-3266

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitabl…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2017-3265

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier.…

CVSS: 5.6CWE: N/A
Read more
Low

CVE-2017-3264

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Difficult to exploit vulnerability allows low privileg…

CVSS: 3.1CWE: N/A
Read more
High

CVE-2017-3263

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Team Member). Supported versions that are affected are 8.2, 8.3,…

CVSS: 8.1CWE: N/A
Read more
Medium

CVE-2017-3262

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauth…

CVSS: 5.3CWE: N/A
Read more
Medium

CVE-2017-3261

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u11…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2017-3260

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthentica…

CVSS: 8.3CWE: N/A
Read more
Low

CVE-2017-3259

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allow…

CVSS: 3.7CWE: N/A
Read more
High

CVE-2017-3253

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u1…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2017-3252

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8…

CVSS: 5.8CWE: N/A
Read more
Medium

CVE-2017-3251

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows hig…

CVSS: 4.9CWE: N/A
Read more
High

CVE-2017-3249

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulner…

CVSS: 7.3CWE: N/A
Read more
Critical

CVE-2017-3248

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1.…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2017-3247

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerabil…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2017-3246

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.…

CVSS: 6.0CWE: N/A
Read more
Medium

CVE-2017-3244

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2017-3243

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows hi…

CVSS: 4.4CWE: N/A
Read more
Medium

CVE-2017-3238

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier.…

CVSS: 6.5CWE: N/A
Read more
Low

CVE-2017-3235

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2016-8329

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform). Supported versions that are affected are 8.54 and 8.55. Eas…

CVSS: 6.1CWE: CWE-254
Read more
Low

CVE-2016-8328

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unau…

CVSS: 3.7CWE: N/A
Read more
Medium

CVE-2016-8327

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to explo…

CVSS: 4.4CWE: N/A
Read more
Medium

CVE-2016-8318

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily ex…

CVSS: 6.8CWE: N/A
Read more
Low

CVE-2016-8314

Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Difficult…

CVSS: 3.1CWE: CWE-254
Read more
High

CVE-2016-8310

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.…

CVSS: 7.3CWE: CWE-254
Read more
Medium

CVE-2016-8308

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2016-8306

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0…

CVSS: 5.4CWE: CWE-254
Read more
Medium

CVE-2016-8303

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.…

CVSS: 6.1CWE: CWE-254
Read more
Medium

CVE-2016-8301

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2016-6264

Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the m…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2016-5623

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2…

CVSS: 5.4CWE: CWE-254
Read more
High

CVE-2016-5590

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerab…

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2016-5552

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embed…

CVSS: 5.3CWE: N/A
Read more
Medium

CVE-2016-5549

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easil…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2016-5548

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2016-5547

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u1…

CVSS: 5.3CWE: N/A
Read more
High

CVE-2016-5546

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedd…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2016-5545

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily explo…

CVSS: 6.3CWE: CWE-254
Read more
Medium

CVE-2016-5541

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. D…

CVSS: 4.8CWE: N/A
Read more
Critical

CVE-2016-5528

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vuln…

CVSS: 9.0CWE: N/A
Read more
Low

CVE-2016-5509

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0…

CVSS: 3.1CWE: N/A
Read more
High

CVE-2016-5822

Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets.

CVSS: 7.5CWE: CWE-399
Read more
Low

CVE-2016-1551

ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference cloc…

CVSS: 3.7CWE: CWE-254
Read more
2017-01-26
Medium

CVE-2016-8226

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.

CVSS: 4.9CWE: CWE-19
Read more
High

CVE-2016-10013

Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.

CVSS: 7.8CWE: CWE-264
Read more
Medium

CVE-2017-3804

A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent…

CVSS: 6.1CWE: N/A
Read more
Medium

CVE-2016-9221

A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attack…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2016-9220

A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the co…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2016-9216

An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More…

CVSS: 5.3CWE: CWE-399
Read more
2017-01-25
Critical

CVE-2016-9305

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain acce…

CVSS: 9.8CWE: CWE-19
Read more
Medium

CVE-2016-8214

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.

CVSS: 6.7CWE: CWE-275
Read more
2017-01-24
High

CVE-2016-10158

The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via…

CVSS: 7.5CWE: CWE-189
Read more
2017-01-23
High

CVE-2016-9386

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-9382

Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a gue…

CVSS: 7.8CWE: CWE-264
Read more
Critical

CVE-2016-9081

Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.

CVSS: 9.8CWE: CWE-255
Read more
High

CVE-2016-9012

CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/cons…

CVSS: 8.8CWE: CWE-264
Read more
High

CVE-2016-7037

The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attac…

CVSS: 7.5CWE: CWE-361
Read more
Critical

CVE-2016-7036

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

CVSS: 9.8CWE: CWE-361
Read more
Critical

CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specificat…

CVSS: 9.1CWE: CWE-254
Read more
Critical

CVE-2016-6223

The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a…

CVSS: 9.1CWE: CWE-189
Read more
High

CVE-2016-6160

tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266.

CVSS: 7.5CWE: CWE-399
Read more
Medium

CVE-2016-5876

ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request.

CVSS: 5.9CWE: CWE-264
Read more
High

CVE-2016-5720

Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) c…

CVSS: 7.8CWE: CWE-264
Read more
Medium

CVE-2016-5237

Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse…

CVSS: 4.8CWE: CWE-264
Read more
High

CVE-2016-5091

Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.

CVSS: 8.1CWE: CWE-254
Read more
High

CVE-2016-4340

The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as…

CVSS: 8.8CWE: CWE-264
Read more
Critical

CVE-2016-2783

Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attack…

CVSS: 9.8CWE: CWE-19
Read more
Medium

CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.

CVSS: 5.3CWE: N/A
Read more
High

CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."

CVSS: 7.5CWE: CWE-399
Read more
Critical

CVE-2015-8857

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possi…

CVSS: 9.8CWE: CWE-254
Read more
High

CVE-2015-8855

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

CVSS: 7.5CWE: CWE-399
Read more
High

CVE-2015-4626

B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft.

CVSS: 7.5CWE: CWE-189
Read more
High

CVE-2016-10156

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. Th…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-10103

Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for G…

CVSS: 8.1CWE: CWE-255
Read more
High

CVE-2016-10101

Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Pa…

CVSS: 8.1CWE: CWE-255
Read more
2017-01-20
Medium

CVE-2016-8644

In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.

CVSS: 5.3CWE: CWE-264
Read more
2017-01-19
High

CVE-2016-10075

The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.

CVSS: 7.8CWE: CWE-17
Read more
Medium

CVE-2016-9650

Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a…

CVSS: 4.3CWE: CWE-19
Read more
Medium

CVE-2016-5225

Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Poli…

CVSS: 4.3CWE: CWE-19
Read more
Medium

CVE-2016-5224

A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote atta…

CVSS: 4.3CWE: CWE-189
Read more
Medium

CVE-2016-5214

Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page.

CVSS: 4.3CWE: CWE-19
Read more
High

CVE-2016-5196

The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any d…

CVSS: 8.8CWE: CWE-254
Read more
2017-01-18
High

CVE-2016-6497

main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all searc…

CVSS: 7.5CWE: CWE-254
Read more
High

CVE-2016-6271

The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.

CVSS: 7.5CWE: CWE-254
Read more
High

CVE-2016-4019

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2016-3414

Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029.

CVSS: 6.5CWE: N/A
Read more
High

CVE-2016-3413

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2016-3405

Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2016-3404

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2016-3402

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2016-3401

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810.

CVSS: 6.5CWE: N/A
Read more
High

CVE-2016-10086

RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions…

CVSS: 8.1CWE: CWE-264
Read more
Medium

CVE-2016-10148

The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authen…

CVSS: 4.3CWE: CWE-254
Read more
High

CVE-2016-6527

The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-6526

The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9910

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0CWE: CWE-264
Read more
High

CVE-2014-9909

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0CWE: CWE-264
Read more
2017-01-17
High

CVE-2017-5521

An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simpl…

CVSS: 8.1CWE: N/A
Read more
2017-01-14
High

CVE-2016-10142

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security…

CVSS: 8.6CWE: CWE-17
Read more
2017-01-13
High

CVE-2010-5327

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.

CVSS: 8.8CWE: CWE-264
Read more
High

CVE-2016-9312

ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet.

CVSS: 7.5CWE: CWE-399
Read more
>