Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11128 | 1 Bolt | 1 Bolt Cms | 2017-07-19 | 3.5 LOW | 5.4 MEDIUM |
Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. | |||||
CVE-2017-11127 | 1 Bolt | 1 Bolt Cms | 2017-07-19 | 3.5 LOW | 5.4 MEDIUM |
Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. | |||||
CVE-2017-1000062 | 1 Kitto Project | 1 Kitto | 2017-07-19 | 5.0 MEDIUM | 7.5 HIGH |
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution | |||||
CVE-2017-1000054 | 1 Rocketchat | 1 Rocket.chat | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. | |||||
CVE-2017-1000039 | 1 Framasoft | 1 Framadate | 2017-07-19 | 7.5 HIGH | 9.8 CRITICAL |
Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution | |||||
CVE-2017-1000044 | 1 Gnome | 1 Gtk-vnc | 2017-07-19 | 7.5 HIGH | 9.8 CRITICAL |
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering | |||||
CVE-2017-1000075 | 1 Creolabs | 1 Gravity | 2017-07-19 | 7.5 HIGH | 9.8 CRITICAL |
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function | |||||
CVE-2017-1000063 | 1 Kitto Project | 1 Kitto | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure | |||||
CVE-2017-1000064 | 1 Kitto Project | 1 Kitto | 2017-07-19 | 5.0 MEDIUM | 7.5 HIGH |
kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS | |||||
CVE-2017-1000073 | 1 Creolabs | 1 Gravity | 2017-07-19 | 7.5 HIGH | 9.8 CRITICAL |
Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. | |||||
CVE-2017-1000074 | 1 Creolabs | 1 Gravity | 2017-07-19 | 7.5 HIGH | 9.8 CRITICAL |
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. | |||||
CVE-2017-10929 | 1 Radare | 1 Radare2 | 2017-07-19 | 6.8 MEDIUM | 7.8 HIGH |
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02. | |||||
CVE-2017-1000032 | 1 Cacti | 1 Cacti | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. | |||||
CVE-2017-7664 | 1 Apache | 1 Openmeetings | 2017-07-19 | 7.5 HIGH | 10.0 CRITICAL |
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | |||||
CVE-2017-7663 | 1 Apache | 1 Openmeetings | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | |||||
CVE-2017-7666 | 1 Apache | 1 Openmeetings | 2017-07-19 | 6.8 MEDIUM | 8.8 HIGH |
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | |||||
CVE-2017-7681 | 1 Apache | 1 Openmeetings | 2017-07-19 | 6.5 MEDIUM | 8.8 HIGH |
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. | |||||
CVE-2017-7683 | 1 Apache | 1 Openmeetings | 2017-07-19 | 5.0 MEDIUM | 7.5 HIGH |
Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. | |||||
CVE-2017-1000031 | 1 Cacti | 1 Cacti | 2017-07-19 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | |||||
CVE-2017-3102 | 1 Adobe | 1 Connect | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack. |