Total
2377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8697 | 1 Stalin Project | 1 Stalin | 2017-07-03 | 2.1 LOW | 5.5 MEDIUM |
| stalin 0.11-5 allows local users to write to arbitrary files. | |||||
| CVE-2015-7898 | 1 Samsung | 2 Galaxy S6, Samsung Mobile | 2017-07-03 | 2.1 LOW | 5.5 MEDIUM |
| Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||||
| CVE-2015-7895 | 1 Samsung | 2 Galaxy S6, Samsung Mobile | 2017-07-03 | 2.1 LOW | 5.5 MEDIUM |
| Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||||
| CVE-2016-9920 | 1 Roundcube | 1 Webmail | 2017-07-01 | 6.0 MEDIUM | 7.5 HIGH |
| steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. | |||||
| CVE-2016-9190 | 2 Debian, Python | 2 Debian Linux, Pillow | 2017-07-01 | 6.8 MEDIUM | 7.8 HIGH |
| Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. | |||||
| CVE-2016-6258 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-07-01 | 7.2 HIGH | 8.8 HIGH |
| The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | |||||
| CVE-2016-3105 | 2 Debian, Mercurial | 2 Debian Linux, Mercurial | 2017-07-01 | 6.8 MEDIUM | 8.8 HIGH |
| The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. | |||||
| CVE-2016-2820 | 1 Mozilla | 1 Firefox | 2017-07-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. | |||||
| CVE-2016-2816 | 1 Mozilla | 1 Firefox | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. | |||||
| CVE-2016-5801 | 1 Omnimetrix | 1 Omniview | 2017-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for the OmniView web application may allow an attacker to gain access by brute forcing account passwords. | |||||
| CVE-2015-2692 | 1 Adblock | 1 Adblock | 2017-06-20 | 6.4 MEDIUM | 10.0 CRITICAL |
| AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters. | |||||
| CVE-2016-7811 | 1 Corega | 2 Cg-wlr300nx, Cg-wlr300nx Firmware | 2017-06-16 | 5.8 MEDIUM | 8.8 HIGH |
| Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors. | |||||
| CVE-2016-7807 | 1 Iodata | 2 Wfs-sr01, Wfs-sr01 Firmware | 2017-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. | |||||
| CVE-2016-7824 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2017-06-15 | 6.5 MEDIUM | 8.8 HIGH |
| Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. | |||||
| CVE-2016-7833 | 1 Cybozu | 1 Dezie | 2017-06-14 | 6.4 MEDIUM | 7.5 HIGH |
| Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | |||||
| CVE-2015-3295 | 1 Markdown-it Project | 1 Markdown-it | 2017-06-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| markdown-it before 4.1.0 does not block data: URLs. | |||||
| CVE-2016-6098 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-06-13 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | |||||
| CVE-2016-0768 | 1 Postgresql | 1 Postgresql | 2017-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. | |||||
| CVE-2016-4910 | 1 Cybozu | 1 Garoon | 2017-06-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. | |||||
| CVE-2016-7801 | 1 Cybozu | 1 Garoon | 2017-06-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. | |||||