Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8968 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2017-07-24 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515. | |||||
| CVE-2016-9249 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2017-07-24 | 7.8 HIGH | 7.5 HIGH |
| An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). | |||||
| CVE-2016-9269 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2017-07-24 | 9.0 HIGH | 9.9 CRITICAL |
| Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737. | |||||
| CVE-2016-9314 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2017-07-24 | 4.0 MEDIUM | 7.8 HIGH |
| Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737. | |||||
| CVE-2016-9315 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2017-07-24 | 4.0 MEDIUM | 8.8 HIGH |
| Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737. | |||||
| CVE-2016-9316 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2017-07-24 | 3.5 LOW | 5.4 MEDIUM |
| Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolved in Version 6.5 CP 1737. | |||||
| CVE-2016-9703 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2017-07-24 | 2.1 LOW | 2.4 LOW |
| IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. | |||||
| CVE-2016-9704 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2017-07-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-9872 | 1 Emc | 1 Documentum D2 | 2017-07-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2016-9873 | 1 Emc | 1 Documentum D2 | 2017-07-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application. | |||||
| CVE-2017-0016 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2017-07-24 | 7.1 HIGH | 5.9 MEDIUM |
| Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet to the Server service, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability." | |||||
| CVE-2017-0405 | 1 Google | 1 Android | 2017-07-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359. | |||||
| CVE-2017-0406 | 1 Google | 1 Android | 2017-07-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871. | |||||
| CVE-2017-0407 | 1 Google | 1 Android | 2017-07-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375. | |||||
| CVE-2017-0413 | 1 Google | 1 Android | 2017-07-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610. | |||||
| CVE-2017-0414 | 1 Google | 1 Android | 2017-07-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795. | |||||
| CVE-2017-0420 | 1 Google | 1 Android | 2017-07-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212. | |||||
| CVE-2017-0421 | 1 Google | 1 Android | 2017-07-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637. | |||||
| CVE-2017-0422 | 1 Google | 1 Android | 2017-07-24 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088. | |||||
| CVE-2017-0424 | 1 Google | 1 Android | 2017-07-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450. | |||||