Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4473 | 2 Php, Suse | 3 Php, Linux Enterprise Module For Web Scripting, Linux Enterprise Software Development Kit | 2017-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. | |||||
| CVE-2016-7831 | 1 Fenrir-inc | 1 Sleipnir | 2017-06-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage. | |||||
| CVE-2016-7805 | 1 Unisys | 1 Mobigate | 2017-06-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-7819 | 1 Iodata | 4 Ts-wrla, Ts-wrla Firmware, Ts-wrlp and 1 more | 2017-06-16 | 9.0 HIGH | 7.2 HIGH |
| I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2016-7820 | 1 Iodata | 4 Ts-wrla, Ts-wrla Firmware, Ts-wrlp and 1 more | 2017-06-16 | 9.0 HIGH | 7.2 HIGH |
| Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-7050 | 1 Redhat | 4 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 1 more | 2017-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code. | |||||
| CVE-2016-4471 | 1 Redhat | 1 Cloudforms | 2017-06-15 | 6.5 MEDIUM | 8.8 HIGH |
| ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. | |||||
| CVE-2016-7808 | 1 Corega | 4 Cg-wlbaragm Firmware, Cg-wlbargmh, Cg-wlbargnl and 1 more | 2017-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-7919 | 1 Google | 1 Android | 2017-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash). | |||||
| CVE-2015-1379 | 1 Dest-unreach | 1 Socat | 2017-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). | |||||
| CVE-2015-3634 | 1 Slideshow Project | 1 Slideshow | 2017-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values. | |||||
| CVE-2016-7806 | 1 Iodata | 2 Wfs-sr01, Wfs-sr01 Firmware | 2017-06-15 | 10.0 HIGH | 9.8 CRITICAL |
| I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2016-7807 | 1 Iodata | 2 Wfs-sr01, Wfs-sr01 Firmware | 2017-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. | |||||
| CVE-2017-7564 | 1 Arm | 1 Arm Trusted Firmware | 2017-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers. | |||||
| CVE-2017-9546 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-15 | 3.5 LOW | 5.7 MEDIUM |
| admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name. | |||||
| CVE-2017-9548 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-15 | 3.5 LOW | 5.4 MEDIUM |
| admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change). | |||||
| CVE-2017-9547 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-15 | 3.5 LOW | 5.4 MEDIUM |
| admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change). | |||||
| CVE-2014-4843 | 1 Ibm | 1 Curam Social Program Management | 2017-06-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL. | |||||
| CVE-2016-3095 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2017-06-15 | 2.1 LOW | 5.5 MEDIUM |
| server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | |||||
| CVE-2016-4973 | 1 Gnu | 1 Libssp | 2017-06-15 | 4.6 MEDIUM | 7.8 HIGH |
| Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature. | |||||