Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1183 | 1 Ibm | 1 Tivoli Monitoring | 2017-07-20 | 5.4 MEDIUM | 7.5 HIGH |
| IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. | |||||
| CVE-2017-2248 | 1 Chitora | 1 Lhaz\+ | 2017-07-20 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2246 | 1 Chitora | 1 Lhaz | 2017-07-20 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-9669 | 1 Alpinelinux | 1 Alpine Linux | 2017-07-20 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file. | |||||
| CVE-2017-9671 | 1 Alpinelinux | 1 Alpine Linux | 2017-07-20 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block. | |||||
| CVE-2017-0243 | 1 Microsoft | 3 Business Productivity Servers, Office, Web Applications | 2017-07-20 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570. | |||||
| CVE-2017-11419 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']. | |||||
| CVE-2017-11418 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. | |||||
| CVE-2017-11416 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. | |||||
| CVE-2017-11417 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. | |||||
| CVE-2017-11415 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. | |||||
| CVE-2017-11414 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. | |||||
| CVE-2017-11413 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. | |||||
| CVE-2017-11412 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. | |||||
| CVE-2017-11339 | 1 Exiv2 | 1 Exiv2 | 2017-07-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | |||||
| CVE-2017-11340 | 1 Exiv2 | 1 Exiv2 | 2017-07-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack. | |||||
| CVE-2017-11337 | 1 Exiv2 | 1 Exiv2 | 2017-07-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2006-5818 | 1 Ibm | 1 Lotus Domino | 2017-07-19 | 7.2 HIGH | N/A |
| Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-5824 | 1 Freebsd | 1 Freebsd | 2017-07-19 | 4.9 MEDIUM | N/A |
| Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. | |||||
| CVE-2006-5827 | 1 Phpcomasy | 1 Phpcomasy | 2017-07-19 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS 0.7.9pre and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username or (2) password parameters. | |||||