Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-0535 | 1 Linux | 1 Linux Kernel | 2017-07-17 | 2.6 LOW | 4.7 MEDIUM |
An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33547247. | |||||
CVE-2017-0536 | 1 Linux | 1 Linux Kernel | 2017-07-17 | 2.6 LOW | 4.7 MEDIUM |
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878. | |||||
CVE-2017-0537 | 1 Linux | 1 Linux Kernel | 2017-07-17 | 2.6 LOW | 4.7 MEDIUM |
An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969. | |||||
CVE-2017-1000055 | | | 2017-07-17 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
CVE-2017-10970 | 1 Cacti | 1 Cacti | 2017-07-17 | 4.3 MEDIUM | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. | |||||
CVE-2017-2168 | 1 Wpbookingsystem | 1 Wp Booking System | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-2195 | 1 Multi Feed Reader Project | 1 Multi Feed Reader | 2017-07-17 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2017-2224 | 1 Web-dorado | 1 Event Calendar Wd | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-2682 | 1 Siemens | 1 Ruggedcom Network Management Software | 2017-07-17 | 6.8 MEDIUM | 8.8 HIGH |
The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request. | |||||
CVE-2017-2683 | 1 Siemens | 1 Ruggedcom Network Management Software | 2017-07-17 | 4.3 MEDIUM | 8.2 HIGH |
A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions. | |||||
CVE-2017-2983 | 1 Adobe | 1 Shockwave Player | 2017-07-17 | 6.8 MEDIUM | 7.8 HIGH |
Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege. | |||||
CVE-2017-4052 | 1 Mcafee | 1 Advanced Threat Defense | 2017-07-17 | 7.5 HIGH | 9.8 CRITICAL |
Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter. | |||||
CVE-2017-4054 | 1 Mcafee | 1 Advanced Threat Defense | 2017-07-17 | 6.5 MEDIUM | 8.8 HIGH |
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter. | |||||
CVE-2017-4055 | 1 Mcafee | 1 Advanced Threat Defense | 2017-07-17 | 5.0 MEDIUM | 7.5 HIGH |
Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization. | |||||
CVE-2017-4897 | 1 Vmware | 1 Horizon Daas | 2017-07-17 | 7.1 HIGH | 5.5 MEDIUM |
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link. | |||||
CVE-2017-4899 | 1 Vmware | 2 Workstation Player, Workstation Pro | 2017-07-17 | 1.9 LOW | 4.7 MEDIUM |
VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed. | |||||
CVE-2017-4900 | 1 Vmware | 2 Workstation Player, Workstation Pro | 2017-07-17 | 2.1 LOW | 5.5 MEDIUM |
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | |||||
CVE-2017-9288 | 1 Raygun | 1 Raygun4wp | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). | |||||
CVE-2017-9419 | 1 Webhammer | 1 Wp-custom-fields-search | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. | |||||
CVE-2017-9420 | 1 Sunnythemes | 1 Spiffy Calendar | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. |