Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7859 | 1 Ffmpeg | 1 Ffmpeg | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. | |||||
| CVE-2016-8926 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539. | |||||
| CVE-2016-6726 | 1 Google | 1 Android | 2017-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices. | |||||
| CVE-2016-8925 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538. | |||||
| CVE-2016-0727 | 1 Canonical | 1 Ubuntu Linux | 2017-04-20 | 7.2 HIGH | 7.8 HIGH |
| The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup. | |||||
| CVE-2016-4874 | 1 Cybozu | 1 Office | 2017-04-20 | 3.5 LOW | 3.5 LOW |
| Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. | |||||
| CVE-2016-4871 | 1 Cybozu | 1 Office | 2017-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. | |||||
| CVE-2014-3887 | 1 Iodata | 2 Rockdisk, Rockdisk Firmware | 2017-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. | |||||
| CVE-2017-5181 | 2017-04-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7692. Reason: This candidate is a reservation duplicate of CVE-2017-7692. Notes: All CVE users should reference CVE-2017-7692 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-3007 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2017-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications. | |||||
| CVE-2017-2989 | 1 Adobe | 1 Campaign | 2017-04-20 | 7.5 HIGH | 9.1 CRITICAL |
| Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database. | |||||
| CVE-2013-6662 | 1 Google | 1 Chrome | 2017-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome caches TLS sessions before certificate validation occurs. | |||||
| CVE-2017-7280 | 1 Unitrends | 1 Enterprise Backup | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable. | |||||
| CVE-2017-7281 | 1 Unitrends | 1 Enterprise Backup | 2017-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload. | |||||
| CVE-2017-7626 | 1 Smart Related Articles Project | 1 Smart Related Articles | 2017-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method). | |||||
| CVE-2015-7562 | 1 Teampass | 1 Teampass | 2017-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. | |||||
| CVE-2017-7628 | 1 Smart Related Articles Project | 1 Smart Related Articles | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). | |||||
| CVE-2016-6143 | 1 Sap | 1 Hana | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. | |||||
| CVE-2016-5313 | 1 Symantec | 1 Web Gateway | 2017-04-20 | 9.0 HIGH | 8.8 HIGH |
| Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. | |||||
| CVE-2016-1132 | 1 Docomo | 1 Shoplat | 2017-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | |||||