Total: 5210 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0863 | 1 Samsung | 2 Galaxy App, Samsung Account App | 2017-04-04 | 7.9 HIGH | 8.0 HIGH |
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | |||||
CVE-2016-9192 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2017-04-04 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected Releases: 4.3(2039) 4.3(748). Known Fixed Releases: 4.3(4019) 4.4(225). | |||||
CVE-2016-8005 | 1 Mcafee | 1 Email Gateway | 2017-03-30 | 4.0 MEDIUM | 6.5 MEDIUM |
File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension. | |||||
CVE-2016-8960 | 1 Ibm | 1 Cognos Business Intelligence | 2017-03-29 | 6.5 MEDIUM | 8.8 HIGH |
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718. | |||||
CVE-2015-2263 | 1 Cloudera | 1 Cloudera Manager | 2017-03-29 | 2.1 LOW | 3.3 LOW |
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process. | |||||
CVE-2015-8993 | 1 Mcafee | 3 Cloud Av, Security Scan Plus, Security Webadvisor | 2017-03-28 | 6.9 MEDIUM | 7.0 HIGH |
Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | |||||
CVE-2015-8991 | 1 Mcafee | 3 Cloud Av, Security Scan Plus, Security Webadvisor | 2017-03-28 | 6.9 MEDIUM | 7.0 HIGH |
Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | |||||
CVE-2014-0229 | 2 Apache, Cloudera | 2 Hadoop, Cdh | 2017-03-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. | |||||
CVE-2013-6446 | 1 Cloudera | 1 Cdh | 2017-03-28 | 3.5 LOW | 3.1 LOW |
The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs. | |||||
CVE-2014-7279 | 1 Kankunit | 2 Konke Smart Plug, Konke Smart Plug Firmware | 2017-03-28 | 10.0 HIGH | 9.8 CRITICAL |
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. | |||||
CVE-2016-8008 | 2 Mcafee, Microsoft | 3 Security Scan Plus, Windows 10, Windows 7 | 2017-03-27 | 7.2 HIGH | 8.8 HIGH |
Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system. | |||||
CVE-2016-8009 | 1 Mcafee | 1 Application Control | 2017-03-27 | 4.6 MEDIUM | 7.8 HIGH |
Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via an unauthorized use of IOCTL call. | |||||
CVE-2015-6607 | 2 Google, Sqlite | 2 Android, Sqlite | 2017-03-25 | 6.8 MEDIUM | N/A |
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. | |||||
CVE-2015-8954 | 1 Openinfosecfoundation | 1 Suricata | 2017-03-24 | 7.5 HIGH | 9.8 CRITICAL |
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request. | |||||
CVE-2016-4617 | 1 Apple | 1 Mac Os X | 2017-03-24 | 4.6 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. | |||||
CVE-2015-8992 | 1 Mcafee | 3 Cloud Av, Security Scan Plus, Security Webadvisor | 2017-03-23 | 6.9 MEDIUM | 7.0 HIGH |
Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | |||||
CVE-2014-9921 | 1 Mcafee | 1 Cloud Analysis And Deconstructive Services | 2017-03-23 | 9.7 HIGH | 9.8 CRITICAL |
Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error. | |||||
CVE-2015-1610 | 1 Opendaylight | 1 L2switch | 2017-03-23 | 5.0 MEDIUM | 5.3 MEDIUM |
hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing." | |||||
CVE-2016-10187 | 1 Calibre-ebook | 1 Calibre | 2017-03-20 | 4.3 MEDIUM | 5.5 MEDIUM |
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. | |||||
CVE-2014-8708 | 1 Pluck-cms | 1 Pluck | 2017-03-20 | 7.5 HIGH | 9.8 CRITICAL |
Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature. |