Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7891 | 1 Sourcebans-pp Project | 1 Sourcebans-pp | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter. | |||||
CVE-2016-4844 | 1 Cybozu | 1 Mailwise | 2017-04-25 | 4.3 MEDIUM | 4.3 MEDIUM |
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. | |||||
CVE-2016-1220 | 1 Cybozu | 1 Garoon | 2017-04-25 | 4.0 MEDIUM | 4.3 MEDIUM |
Cybozu Garoon before 4.2.2 does not properly restrict access. | |||||
CVE-2016-1217 | 1 Cybozu | 1 Garoon | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | |||||
CVE-2016-1218 | 1 Cybozu | 1 Garoon | 2017-04-25 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in Cybozu Garoon before 4.2.2. | |||||
CVE-2016-1214 | 1 Cybozu | 1 Garoon | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. | |||||
CVE-2016-1215 | 1 Cybozu | 1 Garoon | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. | |||||
CVE-2016-1216 | 1 Cybozu | 1 Garoon | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. | |||||
CVE-2016-1213 | 1 Cybozu | 1 Garoon | 2017-04-25 | 5.8 MEDIUM | 6.1 MEDIUM |
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. | |||||
CVE-2015-2947 | 1 Grabacr.net | 1 Kancolleviewer | 2017-04-25 | 6.4 MEDIUM | 9.1 CRITICAL |
KanColleViewer versions 3.8.1 and earlier operate as an open proxy, which allows remote attackers to trigger outbound network traffic. | |||||
CVE-2016-9278 | 1 Samsung | 1 Exynos Fimg2d Driver | 2017-04-24 | 4.9 MEDIUM | 5.5 MEDIUM |
The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE-2016-6736. | |||||
CVE-2016-9279 | 1 Samsung | 1 Exynos Fimg2d Driver | 2017-04-24 | 5.0 MEDIUM | 7.5 HIGH |
Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. The Samsung ID is SVE-2016-6853. | |||||
CVE-2017-7192 | 1 Starscream Project | 1 Starscream | 2017-04-24 | 5.0 MEDIUM | 7.5 HIGH |
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). | |||||
CVE-2017-7896 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2017-04-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. | |||||
CVE-2017-7871 | 1 Tdm Project | 1 Tdm | 2017-04-24 | 4.3 MEDIUM | 6.1 MEDIUM |
trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter). | |||||
CVE-2015-8256 | 1 Axis | 11 Cannon Network Camera, Explosion-protected Camera, Fixed Box Camera and 8 more | 2017-04-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. | |||||
CVE-2016-7060 | 1 Redhat | 1 Quickstart Cloud Installer | 2017-04-24 | 2.1 LOW | 4.6 MEDIUM |
The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask password fields, which allows physically proximate attackers to obtain sensitive password information by reading the display. | |||||
CVE-2016-7551 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2017-04-24 | 5.0 MEDIUM | 7.5 HIGH |
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). | |||||
CVE-2017-7978 | 1 Samsung | 1 Samsung Mobile | 2017-04-24 | 5.0 MEDIUM | 7.5 HIGH |
Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290. | |||||
CVE-2017-7282 | 1 Unitrends | 1 Enterprise Backup | 2017-04-24 | 7.1 HIGH | 5.5 MEDIUM |
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI). |