Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5802 | 1 Delta Electronics | 3 Ispsoft, Pmsoft, Wplsoft | 2017-03-14 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software. | |||||
| CVE-2015-4049 | 1 Unisys | 1 Mcp-firmware | 2017-03-14 | 5.6 MEDIUM | 6.8 MEDIUM |
| Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON (level 5) based codefiles at peak memory usage, which triggers CPM stack corruption. | |||||
| CVE-2016-10171 | 1 Wavpack Project | 1 Wavpack | 2017-03-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | |||||
| CVE-2016-10172 | 1 Wavpack Project | 1 Wavpack | 2017-03-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | |||||
| CVE-2016-10170 | 1 Wavpack Project | 1 Wavpack | 2017-03-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | |||||
| CVE-2016-5374 | 1 Netapp | 1 Data Ontap | 2017-03-14 | 6.5 MEDIUM | 8.8 HIGH |
| NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry. | |||||
| CVE-2016-8940 | 1 Ibm | 1 Tivoli Storage Manager | 2017-03-14 | 4.0 MEDIUM | 8.8 HIGH |
| IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946. | |||||
| CVE-2017-6180 | 1 Keekoonvision | 2 Kk002 Ip Camera, Kk002 Ip Camera Firmware | 2017-03-14 | 6.8 MEDIUM | 8.8 HIGH |
| Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages). | |||||
| CVE-2016-8353 | 1 Osisoft | 1 Pi Web Api 2015 R2 | 2017-03-14 | 5.5 MEDIUM | 6.4 MEDIUM |
| An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. | |||||
| CVE-2016-9871 | 1 Emc | 1 Isilon Onefs | 2017-03-14 | 9.0 HIGH | 7.2 HIGH |
| EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. | |||||
| CVE-2016-9337 | 1 Tesla | 1 Gateway Ecu | 2017-03-14 | 4.0 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection. | |||||
| CVE-2016-5813 | 1 Visonic | 2 Powerlink2, Powerlink2 Firmware | 2017-03-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server (INFORMATION EXPOSURE). | |||||
| CVE-2015-4408 | 1 Hikvision | 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more | 2017-03-14 | 6.8 MEDIUM | 6.5 MEDIUM |
| Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue. | |||||
| CVE-2015-4409 | 1 Hikvision | 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more | 2017-03-14 | 6.8 MEDIUM | 6.5 MEDIUM |
| Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue. | |||||
| CVE-2015-4407 | 1 Hikvision | 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more | 2017-03-14 | 6.8 MEDIUM | 6.5 MEDIUM |
| Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue. | |||||
| CVE-2015-7464 | 1 Ibm | 1 Jazz Reporting Service | 2017-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder server outage) via a crafted request to a Report Builder instance URL. | |||||
| CVE-2016-10143 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2017-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. | |||||
| CVE-2016-1985 | 2 Hp, Microsoft | 2 Operations Manager, Windows | 2017-03-13 | 10.0 HIGH | 10.0 CRITICAL |
| HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
| CVE-2016-9006 | 1 Ibm | 1 Urbancode Deploy | 2017-03-13 | 3.5 LOW | 5.4 MEDIUM |
| IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264. | |||||
| CVE-2017-6503 | 1 Qbittorrent | 1 Qbittorrent | 2017-03-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. | |||||