Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2017-2614 —
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with exp... read CVE-2017-2614
Published: July 27, 2018; 02:29:00 PM -04:00
-
CVE-2017-15119 —
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client... read CVE-2017-15119
Published: July 27, 2018; 12:29:00 PM -04:00
-
CVE-2017-2651 —
jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people... read CVE-2017-2651
Published: July 27, 2018; 02:29:01 PM -04:00
-
CVE-2017-2634 —
It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A... read CVE-2017-2634
Published: July 27, 2018; 03:29:00 PM -04:00
-
CVE-2017-15120 —
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remot... read CVE-2017-15120
Published: July 27, 2018; 11:29:00 AM -04:00
-
CVE-2017-12195 —
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication... read CVE-2017-12195
Published: July 27, 2018; 11:29:00 AM -04:00
-
CVE-2017-12165 —
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
Published: July 27, 2018; 11:29:00 AM -04:00
-
CVE-2018-1288 —
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data... read CVE-2018-1288
Published: July 26, 2018; 10:29:00 AM -04:00
-
CVE-2015-0997 —
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access vi... read CVE-2015-0997
Published: March 29, 2015; 06:59:06 AM -04:00
-
CVE-2015-0998 —
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
Published: March 29, 2015; 06:59:07 AM -04:00
-
CVE-2015-0999 —
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by re... read CVE-2015-0999
Published: March 29, 2015; 06:59:08 AM -04:00
-
CVE-2016-2278 —
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism... read CVE-2016-2278
Published: March 02, 2016; 06:59:02 AM -05:00
-
CVE-2018-16774 —
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
Published: September 10, 2018; 12:29:01 AM -04:00
-
CVE-2018-16773 —
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field.
Published: September 10, 2018; 12:29:01 AM -04:00
-
CVE-2018-16772 —
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
Published: September 10, 2018; 12:29:01 AM -04:00
-
CVE-2018-16771 —
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.
Published: September 10, 2018; 12:29:01 AM -04:00
-
CVE-2017-2629 —
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid pr... read CVE-2017-2629
Published: July 27, 2018; 03:29:00 PM -04:00
-
CVE-2017-2626 —
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
Published: July 27, 2018; 03:29:00 PM -04:00
-
CVE-2017-2640 —
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
Published: July 27, 2018; 02:29:00 PM -04:00
-
CVE-2016-9577 —
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
Published: July 27, 2018; 04:29:00 PM -04:00