Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9244 | 1 Trello | 1 Trello | 2017-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Card. | |||||
| CVE-2017-9764 | 1 Metinfo | 1 Metinfo | 2017-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. | |||||
| CVE-2016-7812 | 1 Mufg | 1 Mitsubishi Ufj | 2017-08-07 | 4.3 MEDIUM | 3.1 LOW |
| The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5.2.2 and earlier allow a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, which may result in the attacker to eavesdrop on an encrypted communication. | |||||
| CVE-2017-2283 | 1 Iodata | 2 Wn-g300r3, Wn-g300r3 Firmware | 2017-08-07 | 5.8 MEDIUM | 8.0 HIGH |
| WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | |||||
| CVE-2017-11133 | 1 Stashcat | 1 Heinekingmedia | 2017-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with math.random() in previous versions and with CryptoJS.lib.WordArray.random() in newer versions, which uses math.random() internally. This is not cryptographically strong. | |||||
| CVE-2017-11129 | 1 Stashcat | 1 Heinekingmedia | 2017-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user. | |||||
| CVE-2017-6212 | 2017-08-07 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2017-11318 | 1 Cobiansoft | 1 Cobian Backup | 2017-08-07 | 6.8 MEDIUM | 8.1 HIGH |
| Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events. | |||||
| CVE-2017-11380 | 1 Trendmicro | 1 Deep Discovery Director | 2017-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | |||||
| CVE-2017-11367 | 1 Shoco Project | 1 Shoco | 2017-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data. | |||||
| CVE-2017-11183 | 1 Glpi-project | 1 Glpi | 2017-08-07 | 5.5 MEDIUM | 4.9 MEDIUM |
| front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. | |||||
| CVE-2017-1000008 | 1 Chyrp-lite Project | 1 Chyrp Lite | 2017-08-07 | 6.8 MEDIUM | 8.8 HIGH |
| Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password. | |||||
| CVE-2017-12448 | 1 Gnu | 1 Binutils | 2017-08-07 | 6.8 MEDIUM | 7.8 HIGH |
| The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c. | |||||
| CVE-2017-12449 | 1 Gnu | 1 Binutils | 2017-08-07 | 6.8 MEDIUM | 7.8 HIGH |
| The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file. | |||||
| CVE-2017-12450 | 1 Gnu | 1 Binutils | 2017-08-07 | 6.8 MEDIUM | 7.8 HIGH |
| The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file. | |||||
| CVE-2017-12451 | 1 Gnu | 1 Binutils | 2017-08-07 | 6.8 MEDIUM | 7.8 HIGH |
| The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file. | |||||
| CVE-2017-12452 | 1 Gnu | 1 Binutils | 2017-08-07 | 6.8 MEDIUM | 7.8 HIGH |
| The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file. | |||||
| CVE-2017-12453 | 1 Gnu | 1 Binutils | 2017-08-07 | 6.8 MEDIUM | 7.8 HIGH |
| The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. | |||||
| CVE-2017-11379 | 1 Trendmicro | 1 Deep Discovery Director | 2017-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | |||||
| CVE-2017-11119 | 1 Nosefart Project | 1 Nosefart | 2017-08-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted nsf file. | |||||