Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4926 | 1 Juniper | 1 Junos Space | 2017-03-22 | 7.5 HIGH | 9.8 CRITICAL |
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication. | |||||
CVE-2014-9939 | 1 Gnu | 1 Binutils | 2017-03-22 | 7.5 HIGH | 9.8 CRITICAL |
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. | |||||
CVE-2015-8983 | 1 Gnu | 1 Glibc | 2017-03-22 | 6.8 MEDIUM | 8.1 HIGH |
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. | |||||
CVE-2015-8984 | 1 Gnu | 1 Glibc | 2017-03-22 | 4.3 MEDIUM | 5.9 MEDIUM |
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. | |||||
CVE-2016-4929 | 1 Juniper | 1 Junos Space | 2017-03-22 | 9.0 HIGH | 8.8 HIGH |
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. | |||||
CVE-2017-6908 | 1 Concrete5 | 1 Concrete5 | 2017-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/selector_data.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2015-8989 | 1 Mcafee | 1 Vulnerability Manager | 2017-03-22 | 4.0 MEDIUM | 8.8 HIGH |
Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database. | |||||
CVE-2016-9985 | 1 Ibm | 1 Cognos Business Intelligence | 2017-03-21 | 2.1 LOW | 5.5 MEDIUM |
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671. | |||||
CVE-2015-8981 | 1 Podofo Project | 1 Podofo | 2017-03-21 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size. | |||||
CVE-2017-5537 | 1 Weblate | 1 Weblate | 2017-03-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests. | |||||
CVE-2017-3871 | 1 Cisco | 1 Prime Optical | 2017-03-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device. More Information: CSCvc65257. Known Affected Releases: 10.6(0.1). | |||||
CVE-2017-6880 | 1 Cerberus | 1 Cerberus Ftp Server | 2017-03-21 | 7.5 HIGH | 9.8 CRITICAL |
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command. | |||||
CVE-2017-5358 | 1 Easycom-aura | 1 Easycom For Php | 2017-03-21 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allow remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function. | |||||
CVE-2016-8855 | 1 Sitecore | 1 Experience Platform | 2017-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2. | |||||
CVE-2016-5803 | 1 Ca Technologies | 1 Unified Infrastructure Management | 2017-03-20 | 7.5 HIGH | 8.6 HIGH |
An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. | |||||
CVE-2017-5228 | 1 Rapid7 | 1 Metasploit | 2017-03-20 | 5.1 MEDIUM | 7.1 HIGH |
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. | |||||
CVE-2017-5229 | 1 Rapid7 | 1 Metasploit | 2017-03-20 | 5.1 MEDIUM | 7.1 HIGH |
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. | |||||
CVE-2017-5231 | 1 Rapid7 | 1 Metasploit | 2017-03-20 | 5.1 MEDIUM | 7.1 HIGH |
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. | |||||
CVE-2017-5232 | 1 Rapid7 | 1 Nexpose | 2017-03-20 | 6.8 MEDIUM | 7.8 HIGH |
All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | |||||
CVE-2017-6510 | 1 Efssoft | 1 Easy File Sharing Ftp Server | 2017-03-20 | 5.0 MEDIUM | 7.5 HIGH |
Easy File Sharing FTP Server version 3.6 is vulnerable to directory traversal, which allows an attacker to list and download any file from any folder outside the FTP root directory. | |||||