Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5165 | 1 Binom3 | 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware | 2017-02-16 | 6.8 MEDIUM | 7.6 HIGH |
| An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. | |||||
| CVE-2017-5162 | 1 Binom3 | 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware | 2017-02-16 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration. | |||||
| CVE-2017-5164 | 1 Binom3 | 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware | 2017-02-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user's browser session (CROSS-SITE SCRIPTING). | |||||
| CVE-2016-1889 | 1 Freebsd | 1 Freebsd | 2017-02-16 | 7.2 HIGH | 7.8 HIGH |
| Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor. | |||||
| CVE-2016-5900 | 1 Ibm | 1 Tealeaf Customer Experience On Cloud Network Capture Add-on | 2017-02-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2016-8659 | 1 Bubblewrap Project | 1 Bubblewrap | 2017-02-16 | 6.9 MEDIUM | 7.0 HIGH |
| Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. | |||||
| CVE-2017-5595 | 1 Zoneminder | 1 Zoneminder | 2017-02-16 | 2.1 LOW | 5.5 MEDIUM |
| A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request. | |||||
| CVE-2016-8376 | 1 Kabona Ab | 1 Webdatorcentral | 2017-02-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. This non-validated redirect/non-validated forward (OPEN REDIRECT) allows chaining with authenticated vulnerabilities. | |||||
| CVE-2016-8356 | 1 Kabona Ab | 1 Webdatorcentral | 2017-02-16 | 4.3 MEDIUM | 8.2 HIGH |
| An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities. | |||||
| CVE-2016-4547 | 1 Samsung | 1 Samsung Mobile | 2017-02-16 | 5.0 MEDIUM | 7.5 HIGH |
| Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. | |||||
| CVE-2016-4546 | 1 Samsung | 1 Samsung Mobile | 2017-02-16 | 2.1 LOW | 5.5 MEDIUM |
| Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. | |||||
| CVE-2016-10223 | 1 Bigtreecms | 1 Bigtree Cms | 2017-02-16 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-1999-1548 | 1 Cabletron | 1 Smartswitch Router 8000 Firmware | 2017-02-15 | 5.0 MEDIUM | N/A |
| Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle 200 ARP requests per second allowing a denial of service attack to succeed with a flood of ARP requests exceeding that limit. | |||||
| CVE-2016-5953 | 1 Ibm | 1 Sterling Selling And Fulfillment Foundation | 2017-02-15 | 4.3 MEDIUM | 3.7 LOW |
| IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL. | |||||
| CVE-2016-6115 | 1 Ibm | 2 General Parallel File System, Spectrum Scale | 2017-02-15 | 9.0 HIGH | 7.2 HIGH |
| IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash. | |||||
| CVE-2016-0203 | 1 Ibm | 2 Cloud Orchestrator, Smartcloud Orchestrator | 2017-02-15 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to. | |||||
| CVE-2016-2924 | 1 Ibm | 1 Biginsights | 2017-02-15 | 3.5 LOW | 5.4 MEDIUM |
| IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2017-1128 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2017-02-15 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2015-8936 | 1 Squidguard | 1 Squidguard | 2017-02-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link. | |||||
| CVE-2016-0206 | 1 Ibm | 1 Cloud Orchestrator | 2017-02-15 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. | |||||