Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9830 | 1 Code42 | 1 Crashplan | 2017-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients. | |||||
| CVE-2017-9763 | 1 Radare | 1 Radare2 | 2017-07-05 | 5.0 MEDIUM | 7.5 HIGH |
| The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array. | |||||
| CVE-2017-1322 | 1 Ibm | 1 Api Connect | 2017-07-05 | 6.4 MEDIUM | 8.2 HIGH |
| IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918. | |||||
| CVE-2017-9829 | 1 Vivotek | 6 Network Camera Fd8164, Network Camera Fd8164 Firmware, Network Camera Fd816ba and 3 more | 2017-07-05 | 5.0 MEDIUM | 7.5 HIGH |
| '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. | |||||
| CVE-2015-1778 | 1 Opendaylight | 1 Opendaylight | 2017-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. | |||||
| CVE-2017-9990 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-05 | 6.8 MEDIUM | 8.8 HIGH |
| Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2016-6083 | 1 Ibm | 1 Tivoli Monitoring | 2017-07-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696. | |||||
| CVE-2017-9145 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2017-07-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. | |||||
| CVE-2017-9948 | 1 Microsoft | 1 Skype | 2017-07-05 | 6.5 MEDIUM | 8.8 HIGH |
| A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. | |||||
| CVE-2017-3948 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2017-07-05 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session. | |||||
| CVE-2015-9097 | 1 Mail Project | 1 Mail | 2017-07-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. | |||||
| CVE-2016-7062 | 1 Redhat | 2 Storage Console, Storage Console Node | 2017-07-05 | 2.1 LOW | 7.8 HIGH |
| rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. | |||||
| CVE-2016-3997 | 1 Netapp | 1 Clustered Data Ontap | 2017-07-05 | 6.8 MEDIUM | 7.5 HIGH |
| NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. | |||||
| CVE-2016-3998 | 1 Netapp | 1 Altavault | 2017-07-05 | 5.1 MEDIUM | 8.1 HIGH |
| NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. | |||||
| CVE-2016-5045 | 1 Netapp | 1 Oncommand System Manager | 2017-07-05 | 6.8 MEDIUM | 8.1 HIGH |
| NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. | |||||
| CVE-2016-1000218 | 1 Elastic | 1 Kibana Reporting | 2017-07-05 | 6.8 MEDIUM | 8.8 HIGH |
| Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. | |||||
| CVE-2017-9731 | 1 Yocto Project | 1 Yp Core-pyro | 2017-07-05 | 5.0 MEDIUM | 7.5 HIGH |
| In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package. | |||||
| CVE-2016-5414 | 1 Freeipa | 1 Freeipa | 2017-07-05 | 5.0 MEDIUM | 7.5 HIGH |
| FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. | |||||
| CVE-2015-3840 | 1 Google | 1 Android | 2017-07-05 | 2.1 LOW | 5.5 MEDIUM |
| The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. | |||||
| CVE-2015-1591 | 1 Kamailio | 1 Kamailio | 2017-07-05 | 4.6 MEDIUM | 7.8 HIGH |
| The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges. | |||||
