U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 229,234 matching records.
Displaying matches 138,581 through 138,600.
Vuln ID Summary CVSS Severity
CVE-2017-14617

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

Published: September 20, 2017; 5:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-14616

An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login attempts, UI management of the device becomes impossible.

Published: September 20, 2017; 4:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2017-14615

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the context of any logged in user in the Web UI visiting "Traffic Monitor" sections "Events" and "All." As a side effect, no further events will be visible in the Traffic Monitor until the device is restarted.

Published: September 20, 2017; 4:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-9231

iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware.

Published: September 20, 2017; 4:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-14610

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.

Published: September 20, 2017; 2:29:01 PM -0400
V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2017-14609

The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox.

Published: September 20, 2017; 2:29:01 PM -0400
V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2017-14596

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

Published: September 20, 2017; 2:29:01 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 5.0 MEDIUM
CVE-2017-14595

In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.

Published: September 20, 2017; 2:29:01 PM -0400
V3.0: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2015-7347

Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.

Published: September 20, 2017; 2:29:01 PM -0400
V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2015-6673

Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.

Published: September 20, 2017; 2:29:01 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2015-5608

Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.

Published: September 20, 2017; 2:29:01 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2015-5395

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

Published: September 20, 2017; 2:29:00 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2015-4707

Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.

Published: September 20, 2017; 2:29:00 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-3890

Use-after-free vulnerability in Open Litespeed before 1.3.10.

Published: September 20, 2017; 2:29:00 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-2927

node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).

Published: September 20, 2017; 2:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2015-2826

WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.

Published: September 20, 2017; 2:29:00 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2015-1866

Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.

Published: September 20, 2017; 2:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-1865

fts.c in coreutils 8.4 allows local users to delete arbitrary files.

Published: September 20, 2017; 2:29:00 PM -0400
V3.0: 4.7 MEDIUM
V2.0: 3.3 LOW
CVE-2015-0162

IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.

Published: September 20, 2017; 2:29:00 PM -0400
V3.0: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2014-9758

Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1.

Published: September 20, 2017; 2:29:00 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM