Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10213 | 1 A10networks | 1 Advanced Core Operating System | 2017-03-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. | |||||
| CVE-2016-8494 | 1 Fortinet | 1 Connect | 2017-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme. | |||||
| CVE-2017-2968 | 1 Adobe | 1 Campaign | 2017-02-28 | 7.5 HIGH | 9.1 CRITICAL |
| Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. | |||||
| CVE-2017-2969 | 1 Adobe | 1 Campaign | 2017-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2017-3833 | 1 Cisco | 1 Unified Communications Manager | 2017-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). | |||||
| CVE-2017-5586 | 1 Opentext | 1 Documentum D2 | 2017-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries. | |||||
| CVE-2017-5589 | 1 Yaxim | 2 Bruno, Yaxim | 2017-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno (0.8.6 - 0.8.8; Android). | |||||
| CVE-2017-5590 | 2 Chatsecure, Zom | 2 Chatsecure, Zom | 2017-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for ChatSecure (3.2.0 - 4.0.0; only iOS) and Zom (all versions up to 1.0.11; only iOS). | |||||
| CVE-2017-5593 | 1 Psi-plus | 1 Psi\+ | 2017-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ (0.16.563.580 - 0.16.571.627). | |||||
| CVE-2017-5602 | 1 Jappix Project | 1 Jappix | 2017-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for jappix 1.0.0 to 1.1.6. | |||||
| CVE-2017-5603 | 1 Jitsi | 1 Jitsi | 2017-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544. | |||||
| CVE-2017-5604 | 1 Mcabber | 1 Mcabber | 2017-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4. | |||||
| CVE-2017-5605 | 1 Movim | 1 Movim | 2017-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Movim 0.8 - 0.10. | |||||
| CVE-2017-5858 | 1 Conversejs | 1 Converse.js | 2017-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Converse.js (0.8.0 - 1.0.6, 2.0.0 - 2.0.4). | |||||
| CVE-2016-3180 | 1 Tor Browser Launcher Project | 1 Tor Browser Launcher | 2017-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature. | |||||
| CVE-2016-8355 | 1 Smiths-medical | 1 Cadd-solis Medication Safety Software | 2017-02-28 | 9.0 HIGH | 9.9 CRITICAL |
| An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates. | |||||
| CVE-2016-8358 | 1 Smiths-medical | 1 Cadd-solis Medication Safety Software | 2017-02-28 | 6.0 MEDIUM | 8.5 HIGH |
| An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints. | |||||
| CVE-2016-4043 | 1 Plone | 1 Plone | 2017-02-28 | 3.5 LOW | 4.9 MEDIUM |
| Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. | |||||
| CVE-2016-8566 | 1 Siemens | 1 Sicam Pas | 2017-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database. | |||||
| CVE-2016-3102 | 1 Jenkins | 1 Script Security | 2017-02-28 | 7.5 HIGH | 7.3 HIGH |
| The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations. | |||||