The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2016-5178 | Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | HIGH | May 23, 2017 |
CVE-2016-5735 | Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow. | MEDIUM | May 23, 2017 |
CVE-2016-5979 | IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the new instance not accessible for the intended user. IBM X-Force ID: 116379. | MEDIUM | May 23, 2017 |
CVE-2016-7977 | Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. | MEDIUM | May 23, 2017 |
CVE-2016-7978 | Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. | HIGH | May 23, 2017 |
CVE-2016-7979 | Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. | HIGH | May 23, 2017 |
CVE-2016-9735 | IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781, | MEDIUM | May 23, 2017 |
CVE-2016-9750 | IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207. | MEDIUM | May 23, 2017 |
CVE-2017-0373 | The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous use lib line, which allows remote attackers to have an unspecified impact via a crafted Debian package file. | MEDIUM | May 23, 2017 |
CVE-2017-0374 | lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array. | MEDIUM | May 23, 2017 |
CVE-2017-1289 | IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. | MEDIUM | May 23, 2017 |
CVE-2017-2501 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the Kernel component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | HIGH | May 23, 2017 |
CVE-2017-2502 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the CoreAudio component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | MEDIUM | May 23, 2017 |
CVE-2017-2507 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the Kernel component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | MEDIUM | May 23, 2017 |
CVE-2017-2513 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the SQLite component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement. | HIGH | May 23, 2017 |
CVE-2017-2518 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the SQLite component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. | HIGH | May 23, 2017 |
CVE-2017-2519 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the SQLite component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement. | HIGH | May 23, 2017 |
CVE-2017-2520 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the SQLite component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. | HIGH | May 23, 2017 |
CVE-2017-2523 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the Foundation component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data. | HIGH | May 23, 2017 |
CVE-2017-2524 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the TextInput component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data. | HIGH | May 23, 2017 |
CVE-2017-2783 | An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious xls file to trigger this vulnerability. | MEDIUM | May 23, 2017 |
CVE-2017-2793 | An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability. | MEDIUM | May 23, 2017 |
CVE-2017-2794 | An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT file to trigger this vulnerability. | MEDIUM | May 23, 2017 |
CVE-2017-2797 | An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. | MEDIUM | May 23, 2017 |
CVE-2017-3128 | A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. | LOW | May 23, 2017 |
CVE-2017-4011 | Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request. | MEDIUM | May 23, 2017 |
CVE-2017-4012 | Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request. | MEDIUM | May 23, 2017 |
CVE-2017-4013 | Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header. | MEDIUM | May 23, 2017 |
CVE-2017-4014 | Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request. | MEDIUM | May 23, 2017 |
CVE-2017-4015 | Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header. | LOW | May 23, 2017 |
CVE-2017-4016 | Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header. | MEDIUM | May 23, 2017 |
CVE-2017-4017 | User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface. | MEDIUM | May 23, 2017 |
CVE-2017-5870 | Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password. | LOW | May 23, 2017 |
CVE-2017-5965 | The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a .. in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file. | MEDIUM | May 23, 2017 |
CVE-2017-5966 | Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter. | MEDIUM | May 23, 2017 |
CVE-2017-6131 | In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH. | HIGH | May 23, 2017 |
CVE-2017-6813 | A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations. | HIGH | May 23, 2017 |
CVE-2017-6821 | Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. | HIGH | May 23, 2017 |
CVE-2017-6979 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the IOSurface component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | HIGH | May 23, 2017 |
CVE-2017-6987 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the Kernel component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | MEDIUM | May 23, 2017 |
CVE-2017-7288 | Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | MEDIUM | May 23, 2017 |
CVE-2017-7487 | The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface. | HIGH | May 23, 2017 |
CVE-2017-7489 | In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. | MEDIUM | May 23, 2017 |
CVE-2017-7490 | In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | MEDIUM | May 23, 2017 |
CVE-2017-7491 | In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the number of courses displayed in the course overview block configuration setting. | MEDIUM | May 23, 2017 |
CVE-2017-8309 | Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | HIGH | May 23, 2017 |
CVE-2017-8310 | Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file. | MEDIUM | May 23, 2017 |
CVE-2017-8311 | Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file. | MEDIUM | May 23, 2017 |
CVE-2017-8312 | Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file. | MEDIUM | May 23, 2017 |
CVE-2017-8313 | Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file. | MEDIUM | May 23, 2017 |