CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9724 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-03-08 | 7.5 HIGH | 8.1 HIGH |
IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999537. | |||||
CVE-2016-9728 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-03-08 | 5.0 MEDIUM | 7.5 HIGH |
IBM QRadar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM Reference #: 1999543. | |||||
CVE-2016-9553 | 1 Sophos | 1 Web Appliance | 2017-03-08 | 9.0 HIGH | 7.2 HIGH |
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. The device doesn't properly escape the information passed in the variables 'unblockip' and 'blockip' before calling the shell_exec() function which allows for system commands to be injected into the device. The code erroneously suggests that the information handled is protected by utilizing the variable name 'escapedips' - however this was not the case. The Sophos ID is NSWA-1258. | |||||
CVE-2016-10193 | 1 Espeak-ruby Project | 1 Espeak-ruby | 2017-03-08 | 7.5 HIGH | 9.8 CRITICAL |
The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb. | |||||
CVE-2016-7145 | 1 Nefarious2 Project | 1 Nefarious2 | 2017-03-08 | 7.5 HIGH | 9.8 CRITICAL |
The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. | |||||
CVE-2016-10040 | 1 Qt | 1 Qxmlsimplereader | 2017-03-08 | 4.3 MEDIUM | 5.5 MEDIUM |
Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via an XML file with multiple nested open tags. | |||||
CVE-2016-5315 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2017-03-08 | 4.3 MEDIUM | 5.5 MEDIUM |
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. | |||||
CVE-2016-6244 | 1 Openbsd | 1 Openbsd | 2017-03-08 | 7.8 HIGH | 7.5 HIGH |
The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value. | |||||
CVE-2017-6411 | 2 D-link, Dlink | 2 Dsl-2730u, Dsl-2730u Firmware | 2017-03-07 | 6.8 MEDIUM | 8.8 HIGH |
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. | |||||
CVE-2017-6416 | 1 Flexense | 1 Sysgauge | 2017-03-07 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string. | |||||
CVE-2017-6446 | 1 Dotclear | 1 Dotclear | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters. | |||||
CVE-2017-6479 | 1 Fenix Hosting | 1 Fenix-open-source | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter). | |||||
CVE-2017-6480 | 1 Groovel Project | 1 Cmsgroovel | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter). | |||||
CVE-2017-6481 | 1 Phpipam | 1 Phpipam | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2017-6482 | | | 2017-03-07 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-6394. Reason: This candidate is a duplicate of CVE-2017-6394. Notes: All CVE users should reference CVE-2017-6394 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2017-6483 | 1 Atutor | 1 Atutor | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2017-5865 | 1 Owncloud | 1 Owncloud | 2017-03-07 | 4.3 MEDIUM | 3.7 LOW |
The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts. | |||||
CVE-2017-6509 | 1 Burgundy-cms Project | 1 Burgundy-cms | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter). | |||||
CVE-2017-5866 | 1 Owncloud | 1 Owncloud | 2017-03-07 | 4.0 MEDIUM | 4.3 MEDIUM |
The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-9148 | 1 Ca | 1 Service Desk Manager | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter. |