Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-0332 |
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695. Published: January 12, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2016-0327 |
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643. Published: January 12, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2016-0324 |
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640. Published: January 12, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2015-3888 |
Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL. Published: January 12, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-2981 |
The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: January 12, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-2298 |
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID. Published: January 12, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-8166 |
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name. Published: January 12, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 5.1 MEDIUM |
CVE-2014-7952 |
The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams. Published: January 12, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2014-6437 |
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file. Published: January 12, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2014-6436 |
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. Published: January 12, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2014-6435 |
cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request. Published: January 12, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-3471 |
Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices. Published: January 12, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-0869 |
NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869. Published: January 12, 2018; 10:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-2158 |
Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to unintended contents to be extracted from a specially crafted ZIP64 archive. Published: January 12, 2018; 9:29:00 AM -0500 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2017-16864 |
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. Published: January 12, 2018; 9:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-16862 |
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. Published: January 12, 2018; 9:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-14594 |
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. Published: January 12, 2018; 9:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-5377 |
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter. Published: January 12, 2018; 4:29:02 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-5376 |
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter. Published: January 12, 2018; 4:29:02 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-5375 |
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. Published: January 12, 2018; 4:29:02 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |