Users login

Create an account »

JOIN XATRIX

Users login

Home » CVE vulnerabilities

CVE Vulnerabilities

CVE vulnerabilities is a database of publicly known information security vulnerabilities and exposures.
Page: 12...5 6 7 8 9 out of 2890

CVE-2017-4905 | June 07, 2017
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-4904 | June 07, 2017
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-4903 | June 07, 2017
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-4902 | June 07, 2017
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-4900 | June 07, 2017
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-4899 | June 07, 2017
VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-4898 | June 07, 2017
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-1305 | June 07, 2017
IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-1196 | June 07, 2017
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-1178 | June 07, 2017
IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-1125 | June 07, 2017
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340.
Severity: Low | Impact score: 2.90 | Exploit score: 3.90
Vendors affected: Ibm

CVE-2017-9469 | June 06, 2017
In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-9468 | June 06, 2017
In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-9465 | June 06, 2017
The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-9462 | June 06, 2017
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
Severity: High | Impact score: 10.00 | Exploit score: 8.00
Vendors affected: Mercurial

CVE-2017-9461 | June 06, 2017
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-9452 | June 06, 2017
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Severity: Low | Impact score: 2.90 | Exploit score: 6.80
Vendors affected: Piwigo

CVE-2017-9451 | June 06, 2017
Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-9449 | June 06, 2017
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name.
Severity: Medium | Impact score: 6.40 | Exploit score: 8.00
Vendors affected: Bigtreecms

CVE-2017-9448 | June 06, 2017
Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\revisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users.
Severity: Low | Impact score: 2.90 | Exploit score: 6.80
Vendors affected: Bigtreecms

CVE-2017-9422 | June 06, 2017
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8920. Reason: This candidate is a reservation duplicate of CVE-2017-8920. Notes: All CVE users should reference CVE-2017-8920 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-9332 | June 06, 2017
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8920 | June 06, 2017
irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8083 | June 06, 2017
CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-7515 | June 06, 2017
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Freedesktop

Page: 12...5 6 7 8 9 out of 2890

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »