Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6547 | 1 Formencode | 1 Formencode | 2017-08-17 | 7.5 HIGH | N/A |
| schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2008-6504 | 2 Apache, Opensymphony | 2 Struts, Xwork | 2017-08-17 | 5.0 MEDIUM | N/A |
| ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character. | |||||
| CVE-2008-6298 | 1 Rocketeer.dip | 1 Sisapilocation | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function." | |||||
| CVE-2008-6207 | 1 Phpg Upload | 1 Phpg Upload | 2017-08-17 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in form_upload.php in PHPG Upload 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6171 | 1 Drupal | 1 Drupal | 2017-08-17 | 9.3 HIGH | N/A |
| includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | |||||
| CVE-2017-7478 | 1 Openvpn | 1 Openvpn | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. | |||||
| CVE-2017-7456 | 1 Moxa | 1 Mxview | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials. | |||||
| CVE-2017-2442 | 1 Apple | 2 Iphone Os, Safari | 2017-08-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | |||||
| CVE-2016-5267 | 2 Google, Mozilla | 2 Android, Firefox | 2017-08-16 | 4.3 MEDIUM | 5.3 MEDIUM |
| Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. | |||||
| CVE-2016-5251 | 1 Mozilla | 1 Firefox | 2017-08-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL. | |||||
| CVE-2016-2839 | 3 Ffmpeg, Linux, Mozilla | 4 Ffmpeg, Linux Kernel, Firefox and 1 more | 2017-08-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video. | |||||
| CVE-2016-1484 | 1 Cisco | 1 Webex Meetings Server | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724. | |||||
| CVE-2016-1479 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2017-08-16 | 7.8 HIGH | 7.5 HIGH |
| Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. | |||||
| CVE-2016-1478 | 1 Cisco | 1 Ios | 2017-08-16 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619. | |||||
| CVE-2016-1430 | 1 Cisco | 4 Rv180 Vpn Router, Rv180 Vpn Router Firmware, Rv180w Vpn Router and 1 more | 2017-08-16 | 9.0 HIGH | 8.8 HIGH |
| Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592. | |||||
| CVE-2016-1419 | 1 Cisco | 2 Aironet, Aironet Access Point Software | 2017-08-16 | 6.8 MEDIUM | 8.1 HIGH |
| Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803. | |||||
| CVE-2016-1409 | 1 Cisco | 4 Ios, Ios Xe, Ios Xr and 1 more | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016. | |||||
| CVE-2016-1365 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2017-08-16 | 8.5 HIGH | 8.8 HIGH |
| The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507. | |||||
| CVE-2017-11495 | 1 Phicomm | 2 K2\(psg1218\), K2\(psg1218\)-firmware | 2017-08-15 | 9.0 HIGH | 9.8 CRITICAL |
| PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action. | |||||
| CVE-2015-1555 | 1 Zend | 1 Zend Framework | 2017-08-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators. | |||||