CVE Vulnerabilities

CVE vulnerabilities is a database of publicly known information security vulnerabilities and exposures.

CVE-2017-4909 | June 08, 2017
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-4908 | June 08, 2017
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-4907 | June 08, 2017
VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-4901 | June 08, 2017
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
Severity: High | Impact score: 6.40 | Exploit score: 10.00
Vendors affected: Vmware

CVE-2017-1319 | June 08, 2017
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-1179 | June 08, 2017
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-1140 | June 08, 2017
IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-9501 | June 07, 2017
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Imagemagick

CVE-2017-9500 | June 07, 2017
In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Imagemagick

CVE-2017-9499 | June 07, 2017
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Imagemagick

CVE-2017-9474 | June 07, 2017
In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Ytnef_project

CVE-2017-9473 | June 07, 2017
In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Ytnef_project

CVE-2017-9472 | June 07, 2017
In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Ytnef_project

CVE-2017-9471 | June 07, 2017
In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Ytnef_project

CVE-2017-9470 | June 07, 2017
In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Ytnef_project

CVE-2017-9355 | June 07, 2017
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-7966 | June 07, 2017
A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-7965 | June 07, 2017
A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-7564 | June 07, 2017
In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-7563 | June 07, 2017
In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits).
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-7314 | June 07, 2017
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-7313 | June 07, 2017
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-7312 | June 07, 2017
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-4917 | June 07, 2017
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-4914 | June 07, 2017
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
Severity: | Impact score: 0.00 | Exploit score: 0.00
