Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-15197 |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. Published: October 10, 2017; 9:32:54 PM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-15196 |
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. Published: October 10, 2017; 9:32:54 PM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-15195 |
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. Published: October 10, 2017; 9:32:54 PM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-15194 |
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. Published: October 10, 2017; 9:32:54 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-15188 |
A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php. Published: October 10, 2017; 9:32:54 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2017-5722 |
Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage. Published: October 10, 2017; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 4.4 MEDIUM |
CVE-2017-5721 |
Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory. Published: October 10, 2017; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 4.4 MEDIUM |
CVE-2017-5701 |
Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery. Published: October 10, 2017; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.1 HIGH V2.0: 4.4 MEDIUM |
CVE-2017-5700 |
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage. Published: October 10, 2017; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.4 HIGH V2.0: 7.2 HIGH |
CVE-2017-15226 |
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. Published: October 10, 2017; 7:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-15225 |
_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. Published: October 10, 2017; 7:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-8994 |
A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely. Published: October 10, 2017; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-1538 |
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. Published: October 10, 2017; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-15219 |
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. Published: October 10, 2017; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-15193 |
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. Published: October 10, 2017; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2017-15192 |
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. Published: October 10, 2017; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-15191 |
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. Published: October 10, 2017; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-15190 |
In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. Published: October 10, 2017; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-15189 |
In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. Published: October 10, 2017; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-1503 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. Published: October 10, 2017; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |