Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9996 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-05 | 6.8 MEDIUM | 7.8 HIGH |
| The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-9991 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-05 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-10798 | 1 Objectplanet | 1 Opinio | 2017-07-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| In ObjectPlanet Opinio before 7.6.4, there is XSS. | |||||
| CVE-2017-10681 | 1 Piwigo | 1 Piwigo | 2017-07-04 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. | |||||
| CVE-2015-7686 | 1 Email-address Project | 1 Email-address | 2017-07-03 | 7.8 HIGH | N/A |
| Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments. | |||||
| CVE-2017-10680 | 1 Piwigo | 1 Piwigo | 2017-07-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. | |||||
| CVE-2017-9995 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-03 | 6.8 MEDIUM | 7.8 HIGH |
| libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2015-8697 | 1 Stalin Project | 1 Stalin | 2017-07-03 | 2.1 LOW | 5.5 MEDIUM |
| stalin 0.11-5 allows local users to write to arbitrary files. | |||||
| CVE-2015-7895 | 1 Samsung | 2 Galaxy S6, Samsung Mobile | 2017-07-03 | 2.1 LOW | 5.5 MEDIUM |
| Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||||
| CVE-2015-7898 | 1 Samsung | 2 Galaxy S6, Samsung Mobile | 2017-07-03 | 2.1 LOW | 5.5 MEDIUM |
| Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||||
| CVE-2014-8149 | 1 Opendaylight | 1 Defense4all | 2017-07-03 | 6.5 MEDIUM | 8.8 HIGH |
| OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files. | |||||
| CVE-2015-2245 | 1 Huawei | 2 P7-l09, P7-l09 Firmware | 2017-07-03 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). | |||||
| CVE-2017-10667 | 1 Zen-cart | 1 Zen Cart | 2017-07-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. | |||||
| CVE-2017-8575 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2017-07-03 | 2.1 LOW | 5.5 MEDIUM |
| The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability." | |||||
| CVE-2017-8554 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2017-07-03 | 1.9 LOW | 4.7 MEDIUM |
| The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application. | |||||
| CVE-2017-9982 | 1 Teamspeak | 1 Teamspeak Client | 2017-07-03 | 5.0 MEDIUM | 7.5 HIGH |
| TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the ᗪ Unicode character followed by the ༿ Unicode character. | |||||
| CVE-2017-9356 | 1 Sitecore | 1 Sitecore.net | 2017-07-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI. | |||||
| CVE-2017-1106 | 1 Ibm | 1 Curam Social Program Management | 2017-07-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744. | |||||
| CVE-2017-10671 | 1 Sthttpd Project | 1 Sthttpd | 2017-07-03 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename. | |||||
| CVE-2017-2773 | 1 Pivotal Software | 1 Cloud Foundry Elastic Runtime | 2017-07-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue. | |||||
