Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8937 | 1 Life Before Us | 1 Yo. | 2017-05-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-4070 | 1 Wow New Media | 1 Wow Moodboard Lite | 2017-05-24 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
| CVE-2017-6889 | 1 Libraw | 1 Libraw-demosaic-pack-gpl2 | 2017-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow. | |||||
| CVE-2016-10283 | 1 Linux | 1 Linux Kernel | 2017-05-23 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32094986. References: QC-CR#2002052. | |||||
| CVE-2016-10295 | 1 Linux | 1 Linux Kernel | 2017-05-23 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33781694. References: QC-CR#1109326. | |||||
| CVE-2016-7980 | 1 Spip | 1 Spip | 2017-05-23 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. | |||||
| CVE-2016-7982 | 1 Spip | 1 Spip | 2017-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action. | |||||
| CVE-2016-7998 | 1 Spip | 1 Spip | 2017-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. | |||||
| CVE-2016-7999 | 1 Spip | 1 Spip | 2017-05-23 | 4.3 MEDIUM | 7.4 HIGH |
| ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. | |||||
| CVE-2017-5670 | 1 Riverbed | 1 Rios | 2017-05-23 | 2.1 LOW | 4.6 MEDIUM |
| Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks. | |||||
| CVE-2017-0255 | 1 Microsoft | 1 Sharepoint Foundation | 2017-05-23 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability". | |||||
| CVE-2017-0264 | 1 Microsoft | 1 Powerpoint For Mac | 2017-05-23 | 9.3 HIGH | 7.8 HIGH |
| Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265. | |||||
| CVE-2017-0221 | 1 Microsoft | 1 Edge | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240. | |||||
| CVE-2017-0266 | 1 Microsoft | 1 Edge | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability." | |||||
| CVE-2017-2163 | 1 N-i-agroinformatics | 1 Soy Cms | 2017-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. | |||||
| CVE-2017-5654 | 1 Apache | 1 Ambari | 2017-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. | |||||
| CVE-2017-0238 | 1 Microsoft | 2 Edge, Internet Explorer | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236. | |||||
| CVE-2017-8929 | 1 Virustotal | 1 Yara | 2017-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule. | |||||
| CVE-2017-0235 | 1 Microsoft | 1 Edge | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238. | |||||
| CVE-2017-0229 | 1 Microsoft | 1 Edge | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | |||||