Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9772 | 1 Nodejs | 1 Node.js | 2017-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. | |||||
| CVE-2015-1000002 | 1 Filedownload Project | 1 Filedownload | 2017-03-28 | 5.8 MEDIUM | 8.2 HIGH |
| Open Proxy in filedownload v1.4 wordpress plugin | |||||
| CVE-2015-1000003 | 1 Filedownload Project | 1 Filedownload | 2017-03-28 | 7.5 HIGH | 9.8 CRITICAL |
| Blind SQL Injection in filedownload v1.4 wordpress plugin | |||||
| CVE-2015-1000004 | 1 Filedownload Project | 1 Filedownload | 2017-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in filedownload v1.4 wordpress plugin | |||||
| CVE-2015-1000005 | 1 Candidate-application-form Project | 1 Candidate-application-form | 2017-03-28 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin | |||||
| CVE-2015-1000006 | 1 Recent-backups Project | 1 Recent-backups | 2017-03-28 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file download vulnerability in recent-backups v0.7 wordpress plugin | |||||
| CVE-2016-10203 | 1 Zoneminder | 1 Zoneminder | 2017-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. | |||||
| CVE-2016-10205 | 1 Zoneminder | 1 Zoneminder | 2017-03-28 | 7.5 HIGH | 7.3 HIGH |
| Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. | |||||
| CVE-2016-10206 | 1 Zoneminder | 1 Zoneminder | 2017-03-28 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php. | |||||
| CVE-2016-10227 | 1 Zyxel | 4 Nwa3560-n, Nwa3560-n Firmware, Usg50 and 1 more | 2017-03-28 | 7.8 HIGH | 7.5 HIGH |
| Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. | |||||
| CVE-2016-9571 | 2017-03-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9606. Reason: This candidate is a duplicate of CVE-2016-9606. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should reference CVE-2016-9606 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-7261 | 1 Linux | 1 Linux Kernel | 2017-03-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. | |||||
| CVE-2017-7263 | 1 Potrace Project | 1 Potrace | 2017-03-28 | 6.8 MEDIUM | 7.8 HIGH |
| The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698. | |||||
| CVE-2017-7264 | 1 Artifex | 1 Mupdf | 2017-03-28 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2017-7266 | 1 Netflix | 1 Security Monkey | 2017-03-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header. | |||||
| CVE-2015-4078 | 1 Cloudera | 2 Cloudera Manager, Navigator | 2017-03-28 | 3.5 LOW | 3.1 LOW |
| Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | |||||
| CVE-2015-8993 | 1 Mcafee | 3 Cloud Av, Security Scan Plus, Security Webadvisor | 2017-03-28 | 6.9 MEDIUM | 7.0 HIGH |
| Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | |||||
| CVE-2015-8991 | 1 Mcafee | 3 Cloud Av, Security Scan Plus, Security Webadvisor | 2017-03-28 | 6.9 MEDIUM | 7.0 HIGH |
| Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | |||||
| CVE-2014-0229 | 2 Apache, Cloudera | 2 Hadoop, Cdh | 2017-03-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. | |||||
| CVE-2017-7249 | 1 Gazelle Project | 1 Gazelle | 2017-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (action, userid) passed to the 'Gazelle-master/sections/tools/data/ocelot_info.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||