Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-9976 |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252. Published: May 03, 2017; 1:59:00 PM -0400 |
V3.0: 8.4 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-2930 |
IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. Published: May 03, 2017; 1:59:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-0382 |
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356. Published: May 03, 2017; 1:59:00 PM -0400 |
V3.0: 4.0 MEDIUM V2.0: 2.1 LOW |
CVE-2017-5240 |
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash. Published: May 03, 2017; 12:59:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-5236 |
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. Published: May 03, 2017; 12:59:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-8459 |
Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) the display of web-search results Published: May 03, 2017; 10:59:00 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-8458 |
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site. Published: May 03, 2017; 10:59:00 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-10368 |
Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the /login URI. Published: May 03, 2017; 6:59:00 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2016-10367 |
In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /. Published: May 03, 2017; 6:59:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-9058 |
Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. Published: May 03, 2017; 6:59:00 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2015-9057 |
Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm. Published: May 03, 2017; 6:59:00 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-8455 |
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. Published: May 03, 2017; 1:59:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-8454 |
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. Published: May 03, 2017; 1:59:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-8453 |
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. Published: May 03, 2017; 1:59:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-7432 |
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. Published: May 03, 2017; 1:59:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-7431 |
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. Published: May 03, 2017; 1:59:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-7430 |
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. Published: May 03, 2017; 1:59:00 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-7428 |
NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. Published: May 03, 2017; 1:59:00 AM -0400 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2017-0331 |
An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331. Published: May 02, 2017; 5:59:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2015-9004 |
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. Published: May 02, 2017; 5:59:00 PM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |