Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-5045 |
NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. Published: July 03, 2017; 12:29:00 PM -0400 |
V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-3998 |
NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. Published: July 03, 2017; 12:29:00 PM -0400 |
V3.0: 8.1 HIGH V2.0: 5.1 MEDIUM |
CVE-2016-3997 |
NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. Published: July 03, 2017; 12:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-3400 |
NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. Published: July 03, 2017; 12:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-10798 |
In ObjectPlanet Opinio before 7.6.4, there is XSS. Published: July 02, 2017; 11:29:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-10800 |
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. Published: July 02, 2017; 9:29:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-10799 |
When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). Published: July 02, 2017; 9:29:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-10796 |
On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. Published: July 02, 2017; 6:29:00 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2017-10794 |
When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode. Published: July 02, 2017; 6:29:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-8894 |
AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine. Published: July 02, 2017; 1:29:00 PM -0400 |
V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-8893 |
AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service. Published: July 02, 2017; 1:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-8797 |
The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system. Published: July 02, 2017; 1:29:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2017-0377 |
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. Published: July 02, 2017; 11:29:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-10795 |
Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069. Published: July 02, 2017; 9:29:00 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-10706 |
When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used. Published: July 02, 2017; 9:29:00 AM -0400 |
V3.0: 6.2 MEDIUM V2.0: 2.1 LOW |
CVE-2017-10792 |
There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. Published: July 01, 2017; 11:29:00 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-10791 |
There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. Published: July 01, 2017; 11:29:00 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-10790 |
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. Published: July 01, 2017; 11:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-10789 |
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. Published: July 01, 2017; 2:29:00 PM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-10788 |
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples. Published: July 01, 2017; 2:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |