CVE Vulnerabilities

CVE vulnerabilities is a database of publicly known information security vulnerabilities and exposures.

CVE-2017-6313 | March 09, 2017
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Gnome

CVE-2017-6312 | March 09, 2017
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Gnome

CVE-2017-6311 | March 09, 2017
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.
Severity: Medium | Impact score: 2.90 | Exploit score: 10.00
Vendors affected: Gnome

CVE-2017-5872 | March 09, 2017
The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to cause a denial of service (network connectivity disruption) via a client hello with a signature_algorithms extension above those defined in RFC 5246, which triggers a full memory dump.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-4960 | March 09, 2017
An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-6544 | March 08, 2017
Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/www_admin/users.php (id parameter).
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Wuhu_project

CVE-2017-6543 | March 08, 2017
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows.
Severity: Medium | Impact score: 6.40 | Exploit score: 6.80
Vendors affected: Tenable

CVE-2017-6541 | March 08, 2017
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/viewtest.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Webpagetest_project

CVE-2017-6540 | March 08, 2017
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (configs) passed to the webpagetest-master/www/benchmarks/compare.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Webpagetest_project

CVE-2017-6539 | March 08, 2017
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/delta.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Webpagetest_project

CVE-2017-6538 | March 08, 2017
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (video) passed to the webpagetest-master/www/speedindex/index.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Webpagetest_project

CVE-2017-6537 | March 08, 2017
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (bgcolor) passed to the webpagetest-master/www/video/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Webpagetest_project

CVE-2017-6536 | March 08, 2017
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (url, pssid) passed to the webpagetest-master/www/weblite.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Webpagetest_project

CVE-2017-6535 | March 08, 2017
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Webpagetest_project

CVE-2017-6534 | March 08, 2017
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (pssid) passed to the webpagetest-master/www/pss.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Webpagetest_project

CVE-2017-6533 | March 08, 2017
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (benchmark) passed to the webpagetest-master/www/benchmarks/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Webpagetest_project

CVE-2017-5178 | March 08, 2017
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials after installation, and changing the default credentials in the embedded Tableau Server is not documented. If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-1150 | March 08, 2017
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.
Severity: Low | Impact score: 2.90 | Exploit score: 6.80
Vendors affected: Ibm

CVE-2017-6518 | March 07, 2017
Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the txtFrom parameter.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Sanadata

CVE-2017-6511 | March 07, 2017
andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Finecms_project

CVE-2017-6509 | March 07, 2017
Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter).
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Burgundy-cms_project

CVE-2017-6508 | March 07, 2017
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Gnu

CVE-2017-5681 | March 07, 2017
The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
Severity: Medium | Impact score: 2.90 | Exploit score: 10.00
Vendors affected: Intel

CVE-2017-3159 | March 07, 2017
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.
Severity: High | Impact score: 6.40 | Exploit score: 10.00
Vendors affected: Apache

CVE-2017-2636 | March 07, 2017
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
Severity: High | Impact score: 10.00 | Exploit score: 3.90
Vendors affected: Linux
