Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8702 | 1 Wondercms | 1 Wondercms | 2017-03-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message. | |||||
| CVE-2016-10271 | 1 Libtiff | 1 Libtiff | 2017-03-30 | 6.8 MEDIUM | 7.8 HIGH |
| tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13. | |||||
| CVE-2016-10272 | 1 Libtiff | 1 Libtiff | 2017-03-30 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9. | |||||
| CVE-2016-7780 | 1 Exponentcms | 1 Exponent Cms | 2017-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||||
| CVE-2016-7781 | 1 Exponentcms | 1 Exponent Cms | 2017-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter. | |||||
| CVE-2016-7782 | 1 Exponentcms | 1 Exponent Cms | 2017-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | |||||
| CVE-2016-7783 | 1 Exponentcms | 1 Exponent Cms | 2017-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
| CVE-2017-5237 | 1 Eviewgps | 2 Ev-07s Gps Tracker, Ev-07s Gps Tracker Firmware | 2017-03-30 | 7.8 HIGH | 7.5 HIGH |
| Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!" | |||||
| CVE-2017-5238 | 1 Eviewgps | 2 Ev-07s Gps Tracker, Ev-07s Gps Tracker Firmware | 2017-03-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field. | |||||
| CVE-2017-5239 | 1 Eviewgps | 2 Ev-07s Gps Tracker, Ev-07s Gps Tracker Firmware | 2017-03-30 | 5.0 MEDIUM | 7.5 HIGH |
| Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener. | |||||
| CVE-2017-6006 | 2017-03-30 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2017-7230 | 1 Disksorter | 1 Disk Sorter | 2017-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request. | |||||
| CVE-2017-7243 | 1 Eclipse | 1 Tinydtls | 2017-03-30 | 5.0 MEDIUM | 7.5 HIGH |
| Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake. | |||||
| CVE-2017-7256 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-03-30 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack. | |||||
| CVE-2017-7257 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-03-30 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack. | |||||
| CVE-2016-8005 | 1 Mcafee | 1 Email Gateway | 2017-03-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension. | |||||
| CVE-2016-8010 | 1 Mcafee | 2 Application Control, Endpoint Security | 2017-03-30 | 4.6 MEDIUM | 7.8 HIGH |
| Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility. | |||||
| CVE-2017-7200 | 1 Openstack | 1 Glance | 2017-03-30 | 5.0 MEDIUM | 5.8 MEDIUM |
| An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service. | |||||
| CVE-2017-6907 | 1 Open.gl Project | 1 Open.gl | 2017-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open.GL before 2017-03-13. The vulnerability exists due to insufficient filtration of user-supplied data (content) passed to the "Open.GL-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2015-8762 | 1 Freeradius | 1 Freeradius | 2017-03-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet. | |||||