Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5870 | 1 Vimbadmin | 1 Vimbadmin | 2017-06-01 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password. | |||||
| CVE-2017-2169 | 1 Maxbuttons Project | 1 Maxbuttons | 2017-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4900 | 1 Evernote | 1 Evernote | 2017-06-01 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2016-7804 | 1 7-zip | 1 7-zip | 2017-06-01 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2015-5468 | 1 Wpshopstyling | 1 Wp E-commerce Shop Styling | 2017-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php. | |||||
| CVE-2016-3083 | 1 Apache | 1 Hive | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through. | |||||
| CVE-2017-9021 | 2017-05-31 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-5937. Reason: This candidate is a reservation duplicate of CVE-2017-5937. Notes: All CVE users should reference CVE-2017-5937 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-7503 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed. | |||||
| CVE-2016-4901 | 1 National Tax Agency | 1 E-tax | 2017-05-31 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-9067 | 2 Modx, Php | 2 Modx Revolution, Php | 2017-05-31 | 4.4 MEDIUM | 7.0 HIGH |
| In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. | |||||
| CVE-2016-4854 | 1 Nttdocomo | 2 L-04d, L-04d Firmware | 2017-05-31 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors. | |||||
| CVE-2017-1291 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2017-05-31 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152. | |||||
| CVE-2017-1292 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2017-05-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153. | |||||
| CVE-2016-10373 | 2017-05-31 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10214. Reason: This candidate is a reservation duplicate of CVE-2016-10214. Notes: All CVE users should reference CVE-2016-10214 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | |||||
| CVE-2017-7731 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | |||||
| CVE-2017-7338 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | |||||
| CVE-2017-7339 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | |||||
| CVE-2017-2174 | 1 Ipa | 1 Empirical Project Monitor - Extended | 2017-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2175 | 1 Ipa | 1 Empirical Project Monitor - Extended | 2017-05-31 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||