Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10215 | 1 Fastspot | 1 Bigtree-form-builder | 2017-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a "site/index.php/../../extensions/com.fastspot.form-builder/ajax/redraw-field.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-3995 | 1 Cryptopp | 1 Crypto\+\+ | 2017-03-03 | 5.0 MEDIUM | 7.5 HIGH |
| The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks. | |||||
| CVE-2017-5163 | 1 Belden Hirschmann | 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware | 2017-03-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal. | |||||
| CVE-2016-5932 | 1 Ibm | 1 Connections | 2017-03-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294. | |||||
| CVE-2016-8233 | 1 Lenovo | 1 Xclarity Administrator | 2017-03-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | |||||
| CVE-2016-9819 | 1 Libav | 1 Libav | 2017-03-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | |||||
| CVE-2016-9820 | 1 Libav | 1 Libav | 2017-03-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | |||||
| CVE-2016-9823 | 1 Libav | 1 Libav | 2017-03-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
| CVE-2016-9824 | 1 Libav | 1 Libav | 2017-03-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
| CVE-2016-9825 | 1 Libav | 1 Libav | 2017-03-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | |||||
| CVE-2016-9826 | 1 Libav | 1 Libav | 2017-03-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | |||||
| CVE-2017-5501 | 1 Jasper Project | 1 Jasper | 2017-03-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
| CVE-2017-5665 | 1 Libmp3splt Project | 1 Libmp3splt | 2017-03-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | |||||
| CVE-2017-5853 | 1 Podofo Project | 1 Podofo | 2017-03-02 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | |||||
| CVE-2017-5854 | 1 Podofo Project | 1 Podofo | 2017-03-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | |||||
| CVE-2017-5982 | 1 Kodi | 1 Kodi | 2017-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd. | |||||
| CVE-2016-8974 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2017-03-02 | 7.5 HIGH | 8.1 HIGH |
| IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798. | |||||
| CVE-2016-0890 | 1 Emc | 1 Powerpath Virtual Appliance | 2017-03-02 | 6.0 MEDIUM | 6.4 MEDIUM |
| EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2016-8492 | 1 Fortinet | 1 Fortios | 2017-03-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. | |||||
| CVE-2016-8105 | 1 Intel | 8 X710-am2 Controller, X710-bm2 Controller, X710 Series Driver and 5 more | 2017-03-02 | 6.1 MEDIUM | 6.5 MEDIUM |
| Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations. | |||||