Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5754 | 1 Netiq | 1 Access Manager | 2017-03-24 | 5.0 MEDIUM | 7.5 HIGH |
| Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. | |||||
| CVE-2016-4504 | 1 Meteocontrol | 1 Weblog | 2017-03-24 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. | |||||
| CVE-2015-8954 | 1 Openinfosecfoundation | 1 Suricata | 2017-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request. | |||||
| CVE-2016-10046 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file. | |||||
| CVE-2016-10047 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 7.1 HIGH | 5.5 MEDIUM |
| Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. | |||||
| CVE-2016-10048 | 2 Imagemagick, Opensuse Project | 2 Imagemagick, Leap | 2017-03-24 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. | |||||
| CVE-2014-9840 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. | |||||
| CVE-2014-9838 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2014-9839 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 5.0 MEDIUM | 7.5 HIGH |
| magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). | |||||
| CVE-2014-9832 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. | |||||
| CVE-2014-9833 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. | |||||
| CVE-2014-9834 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. | |||||
| CVE-2014-9835 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. | |||||
| CVE-2014-9836 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. | |||||
| CVE-2017-2577 | 2017-03-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2009-2197 | 1 Apple | 1 Safari | 2017-03-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog. | |||||
| CVE-2012-1574 | 2 Apache, Cloudera | 3 Hadoop, Cloudera Cdh, Hadoop | 2017-03-23 | 6.5 MEDIUM | N/A |
| The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors. | |||||
| CVE-2012-3376 | 1 Apache | 1 Hadoop | 2017-03-23 | 7.5 HIGH | N/A |
| DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts. | |||||
| CVE-2013-2192 | 1 Apache | 1 Hadoop | 2017-03-23 | 3.2 LOW | N/A |
| The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication. | |||||
| CVE-2013-2193 | 1 Apache | 1 Hbase | 2017-03-23 | 4.3 MEDIUM | N/A |
| Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors. | |||||