Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7987 | 1 Joomla | 1 Joomla\! | 2017-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component. | |||||
| CVE-2017-8298 | 1 Cnvs | 1 Canvas | 2017-05-03 | 3.5 LOW | 5.4 MEDIUM |
| cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users. | |||||
| CVE-2016-8924 | 1 Ibm | 1 Maximo Asset Management | 2017-05-03 | 4.3 MEDIUM | 5.6 MEDIUM |
| IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537. | |||||
| CVE-2017-8294 | 1 Virustotal | 1 Yara | 2017-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function. | |||||
| CVE-2017-7983 | 1 Joomla | 1 Joomla\! | 2017-05-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. | |||||
| CVE-2017-2092 | 1 Cybozu | 1 Garoon | 2017-05-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-8271 | 1 Huawei | 2 Espace Iad, Espace Iad Firmware | 2017-05-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL. | |||||
| CVE-2017-5191 | 1 Netiq | 1 Access Manager | 2017-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. | |||||
| CVE-2017-8100 | 1 Artistscope | 1 Copysafe Web Protection | 2017-05-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. | |||||
| CVE-2017-7986 | 1 Joomla | 1 Joomla\! | 2017-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components. | |||||
| CVE-2017-2118 | 1 Wbce | 1 Wbce Cms | 2017-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-7984 | 1 Joomla | 1 Joomla\! | 2017-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component. | |||||
| CVE-2017-7989 | 1 Joomla | 1 Joomla\! | 2017-05-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. | |||||
| CVE-2016-2433 | 1 Google | 1 Android | 2017-05-02 | 8.3 HIGH | 8.8 HIGH |
| The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. | |||||
| CVE-2016-10210 | 1 Virustotal | 1 Yara | 2017-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function. | |||||
| CVE-2016-10211 | 1 Virustotal | 1 Yara | 2017-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function. | |||||
| CVE-2016-6561 | 1 Illumos | 1 Illumos | 2017-05-01 | 7.8 HIGH | 7.5 HIGH |
| illumos smbsrv NULL pointer dereference allows system crash. | |||||
| CVE-2016-8026 | 1 Mcafee | 1 Security Scan Plus | 2017-05-01 | 4.6 MEDIUM | 7.8 HIGH |
| Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors. | |||||
| CVE-2016-9693 | 1 Ibm | 2 Business Process Manager, Websphere | 2017-05-01 | 6.8 MEDIUM | 6.1 MEDIUM |
| IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655. | |||||
| CVE-2016-9723 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2017-05-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534. | |||||