Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11581 | 1 Finecms | 1 Finecms | 2017-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character. | |||||
| CVE-2017-11585 | 1 Finecms | 1 Finecms | 2017-07-28 | 7.5 HIGH | 9.8 CRITICAL |
| dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. | |||||
| CVE-2017-11617 | 1 Atmail | 1 Atmail | 2017-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes. | |||||
| CVE-2017-1249 | 1 Ibm | 1 Rhapsody Design Manager | 2017-07-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1287 | 1 Ibm | 1 Rhapsody Design Manager | 2017-07-28 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
| CVE-2017-11586 | 1 Finecms | 1 Finecms | 2017-07-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php. | |||||
| CVE-2017-11590 | 1 Gnome | 1 Libgxps | 2017-07-28 | 4.3 MEDIUM | 7.5 HIGH |
| There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2017-11592 | 1 Exiv2 | 1 Exiv2 | 2017-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input. | |||||
| CVE-2017-11555 | 1 Libsass | 1 Libsass | 2017-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. | |||||
| CVE-2017-11553 | 1 Exiv2 | 1 Exiv2 | 2017-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. | |||||
| CVE-2017-11530 | 1 Imagemagick | 1 Imagemagick | 2017-07-28 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||||
| CVE-2017-11527 | 1 Imagemagick | 1 Imagemagick | 2017-07-28 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||||
| CVE-2017-11526 | 1 Imagemagick | 1 Imagemagick | 2017-07-28 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file. | |||||
| CVE-2015-8796 | 1 Apache | 1 Solr | 2017-07-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL. | |||||
| CVE-2016-0282 | 1 Ibm | 1 Lotus Inotes | 2017-07-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS. | |||||
| CVE-2016-1248 | 2 Debian, Vim | 2 Debian Linux, Vim | 2017-07-27 | 6.8 MEDIUM | 7.8 HIGH |
| vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. | |||||
| CVE-2016-2926 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2017-07-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-2938 | 1 Ibm | 2 Domino, Inotes | 2017-07-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-2939 | 1 Ibm | 2 Domino, Inotes | 2017-07-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-4487 | 1 Gnu | 1 Libiberty | 2017-07-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec." | |||||