Total
1465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3519 | 1 Openvz | 1 Vzkernel | 2018-02-27 | 4.9 MEDIUM | 6.5 MEDIUM |
| The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure. | |||||
| CVE-2016-7565 | 1 Exponentcms | 1 Exponent Cms | 2018-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. | |||||
| CVE-2016-6598 | 1 Bmc | 1 Track-it\! | 2018-02-26 | 10.0 HIGH | 9.8 CRITICAL |
| BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM. | |||||
| CVE-2016-0342 | 1 Ibm | 1 Tririga Application Platform | 2018-02-15 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783. | |||||
| CVE-2015-3888 | 1 Jolla | 1 Sailfish Os | 2018-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL. | |||||
| CVE-2015-8008 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2018-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. | |||||
| CVE-2015-8845 | 3 Linux, Novell, Suse | 8 Linux Kernel, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 5 more | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. | |||||
| CVE-2016-3044 | 1 Ibm | 1 Powerkvm | 2018-01-05 | 4.9 MEDIUM | 6.5 MEDIUM |
| The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. | |||||
| CVE-2001-0781 | 1 Pi-soft | 1 Spoonftp | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST. | |||||
| CVE-2012-1327 | 1 Cisco | 1 Ios | 2017-12-07 | 6.1 MEDIUM | N/A |
| dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391. | |||||
| CVE-2016-5341 | 1 Google | 1 Android | 2017-12-06 | 7.1 HIGH | 5.9 MEDIUM |
| The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554). | |||||
| CVE-2015-9245 | 1 Progress | 1 Openedge | 2017-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. | |||||
| CVE-2015-8140 | 1 Ntp | 1 Ntp | 2017-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. | |||||
| CVE-2013-4246 | 1 Apache | 1 Subversion | 2017-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties. | |||||
| CVE-2016-1894 | 1 Netapp | 1 Oncommand Workflow Automation | 2017-11-16 | 9.3 HIGH | 8.1 HIGH |
| NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2012-2947 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2017-11-13 | 2.6 LOW | N/A |
| chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold. | |||||
| CVE-2016-5943 | 1 Ibm | 1 Spectrum Control | 2017-11-13 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors. | |||||
| CVE-2016-10124 | 1 Linuxcontainers | 1 Lxc | 2017-11-13 | 5.0 MEDIUM | 8.6 HIGH |
| An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container. | |||||
| CVE-2014-9489 | 1 Gollum Project | 3 Gollum, Gollum-lib, Grit Adapter | 2017-11-08 | 6.5 MEDIUM | 8.8 HIGH |
| The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags. | |||||
| CVE-2016-10514 | 1 Piwigo | 1 Piwigo | 2017-11-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring. | |||||