| CVE-2017-0160 |
5.9 |
.NET Framework |
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0160 |
| CVE-2017-0248 |
3.6 |
.NET Framework |
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0248 |
| CVE-2017-8585 |
3.6 |
.NET Framework |
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8585 |
| CVE-2026-42212 |
N/A |
.NET Framework |
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory (naming convention: foo.gpp to foo.vmid). The VMID parser called XDocument.Load(path) without any XmlReaderSettings, inheriting the framework defaults which in .NET 8 allow DTD processing. A malicious .vmid file could therefore: disclose local files via external entity references, exhaust memory via recursive entity expansion, and cause denial of service via oversized or deeply nested XML. This issue has been patched in version 1.0.2. |
2026-05-12T16:43:27.870 |
https://cve.circl.lu/cve/CVE-2026-42212 |
| CVE-2017-3736 |
3.6 |
ADX |
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3736 |
| CVE-2017-3738 |
3.6 |
ADX |
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3738 |
| CVE-2026-43307 |
5.9 |
ADX |
In the Linux kernel, the following vulnerability has been resolved: iio: accel: adxl380: Avoid reading more entries than present in FIFO. The interrupt handler reads FIFO entries in batches of N samples, where N is the number of scan elements that have been enabled. However, the sensor fills the FIFO one sample at a time, even when more than one channel is enabled. Therefore, the number of entries reported by the FIFO status registers may not be a multiple of N; if this number is not a multiple, the number of entries read from the FIFO may exceed the number of entries actually present. To fix the above issue, round down the number of FIFO entries read from the status registers so that it is always a multiple of N. |
2026-05-15T19:51:42.040 |
https://cve.circl.lu/cve/CVE-2026-43307 |
| CVE-2017-5527 |
1.4 |
AWS |
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5527 |
| CVE-2017-5528 |
5.9 |
AWS |
Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5528 |
| CVE-2017-5529 |
1.4 |
AWS |
JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5529 |
| CVE-2017-14705 |
5.9 |
AWS |
DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-14705 |
| CVE-2017-14706 |
5.9 |
AWS |
DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-14706 |
| CVE-2017-2929 |
2.7 |
Adobe |
Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2929 |
| CVE-2017-2970 |
5.9 |
Adobe |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulation. Successful exploitation could lead to arbitrary code execution. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2970 |
| CVE-2017-2971 |
5.9 |
Adobe |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2971 |
| CVE-2017-2972 |
5.9 |
Adobe |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module related to JPEG parsing. Successful exploitation could lead to arbitrary code execution. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2972 |
| CVE-2017-2968 |
5.2 |
Adobe |
Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2968 |
| CVE-2017-4895 |
6.0 |
Airwatch |
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4895 |
| CVE-2017-4896 |
1.4 |
Airwatch |
Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4896 |
| CVE-2017-4930 |
2.7 |
Airwatch |
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4930 |
| CVE-2017-4931 |
5.9 |
Airwatch |
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4931 |
| CVE-2017-4932 |
5.9 |
Airwatch |
VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4932 |
| CVE-2017-6189 |
5.9 |
Amazon |
Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6189 |
| CVE-2015-7292 |
5.9 |
Amazon |
Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-7292 |
| CVE-2017-14622 |
2.7 |
Amazon |
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-14622 |
| CVE-2017-9450 |
5.9 |
Amazon |
The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9450 |
| CVE-2017-16867 |
3.6 |
Amazon |
Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-16867 |
| CVE-2016-10140 |
3.6 |
Apache |
Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10140 |
| CVE-2015-3188 |
5.9 |
Apache |
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-3188 |
| CVE-2016-6497 |
3.6 |
Apache |
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6497 |
| CVE-2017-5169 |
5.9 |
Apache |
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5169 |
| CVE-2017-6056 |
3.6 |
Apache |
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6056 |
| CVE-2017-5545 |
5.2 |
Apple |
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5545 |
| CVE-2016-5546 |
3.6 |
Apple |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5546 |
| CVE-2016-5547 |
1.4 |
Apple |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5547 |
| CVE-2016-5548 |
3.6 |
Apple |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5548 |
| CVE-2016-5549 |
3.6 |
Apple |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5549 |
| CVE-2017-9476 |
3.6 |
Arris |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9476 |
| CVE-2017-9490 |
5.9 |
Arris |
The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9490 |
| CVE-2017-9491 |
1.4 |
Arris |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9491 |
| CVE-2017-9492 |
3.6 |
Arris |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not include the HTTPOnly flag in a Set-Cookie header for administration applications, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9492 |
| CVE-2017-9521 |
5.9 |
Arris |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows remote attackers to execute arbitrary code via a specific (but unstated) exposed service. NOTE: the scope of this CVE does NOT include the concept of "Unnecessary Services" in general; the scope is only a single service that is unnecessarily exposed, leading to remote code execution. The details of that service might be disclosed at a later date. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9521 |
| CVE-2015-3653 |
5.9 |
Aruba |
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-3653 |
| CVE-2015-3654 |
5.9 |
Aruba |
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-3654 |
| CVE-2015-3655 |
5.9 |
Aruba |
Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-3655 |
| CVE-2015-3656 |
5.9 |
Aruba |
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-3656 |
| CVE-2015-3657 |
5.9 |
Aruba |
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-3657 |
| CVE-2016-6283 |
2.7 |
Atlassian |
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6283 |
| CVE-2016-6668 |
3.6 |
Atlassian |
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6668 |
| CVE-2016-6285 |
2.7 |
Atlassian |
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6285 |
| CVE-2016-4317 |
2.7 |
Atlassian |
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4317 |
| CVE-2016-4318 |
2.7 |
Atlassian |
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4318 |
| CVE-2017-6506 |
5.9 |
Azure |
In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6506 |
| CVE-2017-4964 |
6.0 |
Azure |
Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4964 |
| CVE-2017-6131 |
5.9 |
Azure |
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6131 |
| CVE-2017-8613 |
5.9 |
Azure |
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8613 |
| CVE-2017-9653 |
5.9 |
Azure |
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9653 |
| CVE-2016-10142 |
4.0 |
Atom |
An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10142 |
| CVE-2016-2399 |
5.9 |
Atom |
Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-2399 |
| CVE-2016-8739 |
3.6 |
Atom |
The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8739 |
| CVE-2017-12980 |
2.7 |
Atom |
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-12980 |
| CVE-2017-13723 |
5.9 |
Atom |
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-13723 |
| CVE-2017-0247 |
3.6 |
ASP.NET |
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0247 |
| CVE-2017-0249 |
3.4 |
ASP.NET |
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0249 |
| CVE-2017-0256 |
1.4 |
ASP.NET |
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0256 |
| CVE-2017-9140 |
2.7 |
ASP.NET |
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9140 |
| CVE-2017-11879 |
5.9 |
ASP.NET |
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability". |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-11879 |
| CVE-2026-41432 |
4.2 |
Artificial Intelligence |
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without making any payment. This issue has been patched in version 0.12.10. |
2026-05-18T18:28:06.997 |
https://cve.circl.lu/cve/CVE-2026-41432 |
| CVE-2026-42339 |
4.2 |
Artificial Intelligence |
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 (CVE-2025-59146) and hardened in v0.9.6 (CVE-2025-62155) does not block the unspecified address 0.0.0.0. A regular (non-admin) user holding any valid API token can send a multimodal request to /v1/chat/completions, /v1/responses, or /v1/messages with 0.0.0.0 as the image/file URL host, bypassing the private-IP filter and causing the server to issue HTTP requests to localhost. This constitutes at minimum a blind SSRF; when the request is routed through an AWS/Bedrock Claude adaptor, the fetched content is inlined into the model response, upgrading it to a full-read SSRF. At time of publication, there are no publicly available patches. |
2026-05-18T14:56:00.500 |
https://cve.circl.lu/cve/CVE-2026-42339 |
| CVE-2026-43899 |
6.0 |
Artificial Intelligence |
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, an incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass (RCE). While the patch correctly restricted api.openExternal() inside the renderer's preload/index.ts script, it structurally neglected to sanitize native Electron pop-up window handlers. An attacker or a compromised AI endpoint returning a Markdown link can trigger a target="_blank" native window interception in tabPresenter.ts, which forwards the malicious URL directly to shell.openExternal(url) and completely bypasses the isValidExternalUrl security boundary. This vulnerability is fixed in v1.0.4-beta.1. |
2026-05-12T14:50:18.527 |
https://cve.circl.lu/cve/CVE-2026-43899 |
| CVE-2026-43900 |
5.8 |
Artificial Intelligence |
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer (src/main/lib/svgSanitizer.ts) restricts script execution by scrubbing javascript: protocols using plain-text regular expressions. However, it fails to account for HTML entity decoding prior to Vue's v-html DOM insertion inside the SvgArtifact.vue component. By feeding an SVG artifact with obfuscated entities (e.g., javascript:alert(1)), an attacker can completely bypass the sanitizer, culminating in arbitrary JavaScript execution when a victim interacts with the rendered SVG Element. This vulnerability is fixed in v1.0.4-beta.1. |
2026-05-12T14:50:18.527 |
https://cve.circl.lu/cve/CVE-2026-43900 |
| CVE-2025-32425 |
N/A |
Artificial Intelligence |
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console (stdout/stderr), and deployed in container mode, which is automatically captured by Docker and stored as "container logs". However, prior to 0.6.32, there is no limit on the log size when the container is deployed. When the number of user accesses is too large, the log on the server disk will be too large, causing disk resource exhaustion and eventually causing DoS. autogpt-platform-beta-v0.6.32 fixes the issue. |
2026-05-13T16:32:31.457 |
https://cve.circl.lu/cve/CVE-2025-32425 |
| CVE-2017-14397 |
5.9 |
AnyDesk |
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-14397 |
| CVE-2017-3813 |
5.9 |
AnyConnect |
A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3813 |
| CVE-2017-6638 |
5.9 |
AnyConnect |
A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. The attacker would need valid user credentials to exploit this vulnerability. This vulnerability affects all Cisco AnyConnect Secure Mobility Client for Windows software versions prior to 4.4.02034. Cisco Bug IDs: CSCvc97928. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6638 |
| CVE-2017-6788 |
2.7 |
AnyConnect |
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. Cisco Bug IDs: CSCvf12055. Known Affected Releases: 98.89(40). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6788 |
| CVE-2017-12268 |
4.0 |
AnyConnect |
A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-12268 |
| CVE-2016-4948 |
2.7 |
Active Directory |
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf, or (8) Active Directory Account Prefix fields in the Kerberos wizard; or (9) classicWizard parameter to cmf/cloudera-director/redirect. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4948 |
| CVE-2017-0043 |
3.6 |
Active Directory |
Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Federation Services Information Disclosure Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0043 |
| CVE-2017-6183 |
5.9 |
Active Directory |
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6183 |
| CVE-2017-2402 |
5.9 |
Active Directory |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2402 |
| CVE-2017-0164 |
3.6 |
Active Directory |
A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0164 |
| CVE-2015-6240 |
5.9 |
Ansible |
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-6240 |
| CVE-2014-3498 |
5.9 |
Ansible |
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-3498 |
| CVE-2017-2809 |
5.9 |
Ansible |
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2809 |
| CVE-2017-7550 |
5.9 |
Ansible |
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7550 |
| CVE-2017-1000379 |
5.9 |
AMD64 |
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-1000379 |
| CVE-2017-8932 |
3.6 |
AMD64 |
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to derive the correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8932 |
| CVE-2019-11840 |
3.6 |
AMD64 |
An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications. |
2026-05-18T12:04:40.143 |
https://cve.circl.lu/cve/CVE-2019-11840 |
| CVE-2016-10157 |
5.9 |
Akamai |
Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10157 |
| CVE-2017-12256 |
3.6 |
Akamai |
A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to certain file-handling inefficiencies of the affected system. An attacker could exploit this vulnerability by directing client systems to access a corrupted file that the client systems cannot decompress correctly. A successful exploit could allow the attacker to cause the affected device to crash or hang unexpectedly and result in a DoS condition that may require manual intervention to regain normal operating conditions. Cisco Bug IDs: CSCve82472. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-12256 |
| CVE-2026-34354 |
5.9 |
Akamai |
Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the HandleSaveLogs() function of the GPA service, by creating a log file and manipulating it into a symlink that points to the targeted path; this can allow an unprivileged local user to make arbitrary root-owned files world-writable. In addition, a diagnostic collection tool (gimmelogs) running with root privileges was vulnerable to command injection from the dbstore, offering a second privilege escalation vector. (On Windows, gimmelogs does not have command injection but does allow writing a ZIP archive to an unintended location.) This affects Akamai Guardicore Platform Agent 7.0 through 7.3.1 and Akamai Zero Trust Client 6.0 through 6.1.5. |
2026-05-12T15:10:27.993 |
https://cve.circl.lu/cve/CVE-2026-34354 |
| CVE-2017-5682 |
5.9 |
AMP |
Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5682 |
| CVE-2017-5661 |
5.2 |
AMP |
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within an XML document can trivially trigger an amplification attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5661 |
| CVE-2017-5662 |
5.2 |
AMP |
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within an XML document can trivially trigger an amplification attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5662 |
| CVE-2017-6519 |
5.2 |
AMP |
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6519 |
| CVE-2017-6520 |
5.2 |
AMP |
The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6520 |
| CVE-2016-3128 |
4.2 |
BlackBerry |
A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-3128 |
| CVE-2016-3130 |
5.9 |
BlackBerry |
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-3130 |
| CVE-2017-3890 |
2.7 |
BlackBerry |
A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3890 |
| CVE-2016-3127 |
3.6 |
BlackBerry |
An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-3127 |
| CVE-2016-1914 |
5.9 |
BlackBerry |
Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-1914 |
| CVE-2016-2147 |
3.6 |
BusyBox |
Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-2147 |
| CVE-2016-2148 |
5.9 |
BusyBox |
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-2148 |
| CVE-2014-9645 |
3.6 |
BusyBox |
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-9645 |
| CVE-2017-5671 |
6.0 |
BusyBox |
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5671 |
| CVE-2011-5325 |
3.6 |
BusyBox |
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2011-5325 |
| CVE-2017-17876 |
3.6 |
Biometric |
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-17876 |
| CVE-2017-17989 |
2.7 |
Biometric |
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-17989 |
| CVE-2017-17990 |
5.9 |
Biometric |
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-17990 |
| CVE-2017-17991 |
2.7 |
Biometric |
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-17991 |
| CVE-2017-17992 |
5.9 |
Biometric |
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-17992 |
| CVE-2017-9230 |
3.6 |
Bitcoin |
The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9230 |
| CVE-2026-44714 |
3.6 |
Bitcoin |
The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify that the public key is the one committed to by the output being spent. As a result, any attacker keypair can satisfy bitcoinj's local verification for arbitrary P2PKH and P2WPKH outputs. This vulnerability is fixed in 0.17.1. |
2026-05-18T19:59:59.590 |
https://cve.circl.lu/cve/CVE-2026-44714 |
| CVE-2017-6320 |
5.9 |
Barracuda |
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6320 |
| CVE-2014-8426 |
5.9 |
Barracuda |
Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-8426 |
| CVE-2014-8428 |
5.9 |
Barracuda |
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-8428 |
| CVE-2026-43487 |
N/A |
Barracuda |
In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102. According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing random system freezes. The drive belongs to the same BarraCuda family as the ST2000DM008-2FR102 which has the same issue. |
2026-05-13T16:16:51.997 |
https://cve.circl.lu/cve/CVE-2026-43487 |
| CVE-2017-9860 |
5.9 |
Botnet |
An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the attacker to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. NOTE: the vendor reports that this attack has always been blocked by "a final integrity and compatibility check." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9860 |
| CVE-2017-15361 |
3.6 |
BitLocker |
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-15361 |
| CVE-2014-9909 |
5.9 |
Broadcom |
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-9909 |
| CVE-2014-9910 |
5.9 |
Broadcom |
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-9910 |
| CVE-2017-0430 |
5.9 |
Broadcom |
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0430 |
| CVE-2017-0449 |
5.9 |
Broadcom |
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10. Android ID: A-31707909. References: B-RB#32094. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0449 |
| CVE-2017-0509 |
5.9 |
Broadcom |
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32124445. References: B-RB#110688. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0509 |
| CVE-2017-6186 |
5.9 |
BitDefender |
Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6186 |
| CVE-2017-10950 |
5.9 |
BitDefender |
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 IOCTL in the bdfwfpf driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker could leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4776. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-10950 |
| CVE-2017-10954 |
5.9 |
BitDefender |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-10954 |
| CVE-2017-17408 |
5.9 |
BitDefender |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-17408 |
| CVE-2017-17409 |
5.9 |
BitDefender |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-17409 |
| CVE-2017-5475 |
5.9 |
CSRF |
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5475 |
| CVE-2017-5476 |
5.9 |
CSRF |
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5476 |
| CVE-2016-8201 |
5.9 |
CSRF |
A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8201 |
| CVE-2017-5368 |
5.9 |
CSRF |
ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attacker to make changes to the web application as the currently logged-in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5368 |
| CVE-2016-5809 |
5.9 |
CSRF |
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5809 |
| CVE-2016-9216 |
1.4 |
Cisco |
An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More Information: CSCuy06917 CSCuy45036 CSCuy59525. Known Affected Releases: 20.0.0 20.0.M0.62842 20.0.v0 20.0.M0.63229 20.1.0 20.1.a0 20.1.v0 21.0.0 21.0.v0. Known Fixed Releases: 20.0.0 20.0.0.63250 20.0.M0.63148 20.0.R0.63294 20.0.R0.63316 20.0.V0.63170 20.0.VG0.63188 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.A0.63166 20.2.A0.63174 20.1.A0.63232 20.2.A0.63237 20.0.M0.63226 20.0.M0.63229 20.0.R0.63294 20.0.R0.63316 20.0.V0.63263 20.0.VG0.63233 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.0 20.1.0.63959 20.1.M0.63876 20.1.T0.63886 20.1.V0.64231 20.1.VA0.64194 20.1.VB0.64210 20.1.a0 20.1.a0.64023 20.1.v0 20.1.v0.64607 20.2.A0.63895 21.0.0 21.0.0.65256 21.0.M0.63881 21.0.M0.64281 21.0.PP0.64366 21.0.V0.65052 21.0.v0 21.0.v0.65831 21.0.vb0.65887 21.1.R0.65130 21.1.R0.65135. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9216 |
| CVE-2016-9218 |
5.9 |
Cisco |
A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvc28662. Known Affected Releases: 1.0. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9218 |
| CVE-2016-9220 |
1.4 |
Cisco |
A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. More Information: CSCvb66659. Known Affected Releases: 8.2(130.0). Known Fixed Releases: 8.2(131.10) 8.2(131.6) 8.2(141.0) 8.3(104.56) 8.4(1.88) 8.4(1.91). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9220 |
| CVE-2016-9221 |
1.4 |
Cisco |
A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail. Affected Products: This vulnerability affects Cisco Mobility Express 2800 Series and 3800 Series Access Points when configured in local mode in 40 MHz. More Information: CSCvb33575. Known Affected Releases: 8.2(121.12) 8.4(1.82). Known Fixed Releases: 8.2(131.2) 8.2(131.3) 8.2(131.4) 8.2(141.0) 8.3(104.53) 8.3(104.54) 8.4(1.80) 8.4(1.85). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9221 |
| CVE-2016-9222 |
2.7 |
Cisco |
A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb15229. Known Affected Releases: 1.0(2). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9222 |
| CVE-2016-9676 |
5.9 |
Citrix |
Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9676 |
| CVE-2016-9677 |
1.4 |
Citrix |
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9677 |
| CVE-2016-9678 |
5.9 |
Citrix |
Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9678 |
| CVE-2016-9679 |
5.9 |
Citrix |
Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9679 |
| CVE-2016-9680 |
3.6 |
Citrix |
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9680 |
| CVE-2013-7459 |
5.9 |
Cryptograph |
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2013-7459 |
| CVE-2016-5919 |
3.6 |
Cryptograph |
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5919 |
| CVE-2016-4693 |
3.6 |
Cryptograph |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4693 |
| CVE-2015-4056 |
5.9 |
Cryptograph |
The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-4056 |
| CVE-2017-3264 |
1.4 |
CRM |
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS v3.0 Base Score 3.1 (Integrity impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3264 |
| CVE-2017-3325 |
4.7 |
CRM |
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel UI Framework accessible data as well as unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3325 |
| CVE-2017-3330 |
4.7 |
CRM |
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel UI Framework accessible data as well as unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS v3.0 Base Score 7.6 (Confidentiality and Integrity impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3330 |
| CVE-2017-3418 |
4.7 |
CRM |
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3418 |
| CVE-2017-3419 |
4.7 |
CRM |
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3419 |
| CVE-2017-7174 |
5.9 |
Chef |
The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7174 |
| CVE-2017-1000026 |
3.6 |
Chef |
Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-1000026 |
| CVE-2015-8559 |
3.6 |
Chef |
The knife bootstrap command in Chef Infra Client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-8559 |
| CVE-2016-10177 |
5.9 |
D-Link |
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10177 |
| CVE-2016-10178 |
5.9 |
D-Link |
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10178 |
| CVE-2016-10179 |
3.6 |
D-Link |
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10179 |
| CVE-2016-10180 |
3.6 |
D-Link |
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10180 |
| CVE-2016-10181 |
3.6 |
D-Link |
An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10181 |
| CVE-2017-0290 |
5.9 |
Defender |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0290 |
| CVE-2017-8535 |
3.6 |
Defender |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service, aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8535 |
| CVE-2017-8536 |
3.6 |
Defender |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service, aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8536 |
| CVE-2017-8537 |
3.6 |
Defender |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service, aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8537 |
| CVE-2017-8538 |
5.9 |
Defender |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8538 |
| CVE-2015-7270 |
5.9 |
Dell |
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-7270 |
| CVE-2015-7271 |
5.9 |
Dell |
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-7271 |
| CVE-2015-7272 |
5.9 |
Dell |
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-7272 |
| CVE-2015-7273 |
5.9 |
Dell |
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-7273 |
| CVE-2015-7274 |
5.9 |
Dell |
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-7274 |
| CVE-2026-32244 |
1.4 |
Discourse |
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1. To work around this issue, restrict summary generation by tightening the allowed groups on the summarization Personas. |
2026-05-19T00:16:37.100 |
https://cve.circl.lu/cve/CVE-2026-32244 |
| CVE-2026-33514 |
N/A |
Discourse |
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively for categories they are not authorized to access. Impact is limited to disclosure of site configuration metadata. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1. |
2026-05-19T02:16:16.210 |
https://cve.circl.lu/cve/CVE-2026-33514 |
| CVE-2017-6591 |
2.7 |
Django |
There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6591 |
| CVE-2017-7233 |
2.7 |
Django |
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7233 |
| CVE-2017-7234 |
2.7 |
Django |
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7234 |
| CVE-2015-5081 |
5.9 |
Django |
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-5081 |
| CVE-2017-12794 |
2.7 |
Django |
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-12794 |
| CVE-2016-7569 |
3.6 |
Docker |
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7569 |
| CVE-2016-8954 |
5.9 |
Docker |
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8954 |
| CVE-2017-6507 |
3.6 |
Docker |
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6507 |
| CVE-2017-7412 |
5.9 |
Docker |
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7412 |
| CVE-2017-8928 |
5.9 |
Docker |
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8928 |
| CVE-2017-7886 |
5.9 |
Dolibarr |
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7886 |
| CVE-2017-7887 |
2.7 |
Dolibarr |
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7887 |
| CVE-2017-7888 |
5.9 |
Dolibarr |
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7888 |
| CVE-2017-8879 |
5.9 |
Dolibarr |
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8879 |
| CVE-2017-9435 |
5.9 |
Dolibarr |
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9435 |
| CVE-2016-4484 |
5.9 |
Debian |
The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4484 |
| CVE-2016-9774 |
5.9 |
Debian |
The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9774 |
| CVE-2016-9775 |
5.9 |
Debian |
The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9775 |
| CVE-2017-6964 |
5.9 |
Debian |
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6964 |
| CVE-2026-33821 |
4.0 |
Dynamics 365 |
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network. |
2026-05-15T18:26:18.667 |
https://cve.circl.lu/cve/CVE-2026-33821 |
| CVE-2026-42833 |
6.0 |
Dynamics 365 |
Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. |
2026-05-14T14:26:21.660 |
https://cve.circl.lu/cve/CVE-2026-42833 |
| CVE-2026-42898 |
6.0 |
Dynamics 365 |
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. |
2026-05-14T14:31:46.783 |
https://cve.circl.lu/cve/CVE-2026-42898 |
| CVE-2016-8213 |
2.7 |
EMC |
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8213 |
| CVE-2016-9870 |
5.9 |
EMC |
EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9870 |
| CVE-2016-8214 |
5.9 |
EMC |
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8214 |
| CVE-2016-8215 |
2.7 |
EMC |
EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8215 |
| CVE-2016-0890 |
4.7 |
EMC |
EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0890 |
| CVE-2017-4902 |
6.0 |
ESXi |
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4902 |
| CVE-2017-4903 |
6.0 |
ESXi |
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4903 |
| CVE-2017-4904 |
6.0 |
ESXi |
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4904 |
| CVE-2017-4905 |
3.6 |
ESXi |
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4905 |
| CVE-2017-4924 |
6.0 |
ESXi |
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4924 |
| CVE-2017-7243 |
3.6 |
Eclipse |
Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7243 |
| CVE-2016-4800 |
5.9 |
Eclipse |
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4800 |
| CVE-2016-1000221 |
3.6 |
Elasticsearch |
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-1000221 |
| CVE-2016-10362 |
3.6 |
Elasticsearch |
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10362 |
| CVE-2017-8442 |
3.6 |
Elasticsearch |
Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8442 |
| CVE-2015-4165 |
5.9 |
Elasticsearch |
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-4165 |
| CVE-2017-12629 |
5.9 |
Elasticsearch |
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-12629 |
| CVE-2017-2790 |
5.9 |
Excel |
When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2790 |
| CVE-2017-0006 |
5.9 |
Excel |
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0006 |
| CVE-2017-0020 |
5.9 |
Excel |
Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0020 |
| CVE-2017-0027 |
3.6 |
Excel |
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0027 |
| CVE-2017-0052 |
5.9 |
Excel |
Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0052 |
| CVE-2016-6886 |
3.6 |
Exchange |
The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6886 |
| CVE-2014-9754 |
3.6 |
Exchange |
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-9754 |
| CVE-2014-9755 |
3.6 |
Exchange |
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-9755 |
| CVE-2017-0110 |
2.7 |
Exchange |
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0110 |
| CVE-2017-2414 |
1.4 |
Exchange |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2414 |
| CVE-2016-10141 |
5.9 |
Exploit |
An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10141 |
| CVE-2016-5199 |
5.9 |
Exploit |
An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5199 |
| CVE-2016-5200 |
5.9 |
Exploit |
V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5200 |
| CVE-2016-5203 |
5.9 |
Exploit |
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5203 |
| CVE-2016-5209 |
5.9 |
Exploit |
Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5209 |
| CVE-2016-0296 |
1.4 |
Endpoint |
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0296 |
| CVE-2016-0297 |
1.4 |
Endpoint |
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0297 |
| CVE-2016-0396 |
5.9 |
Endpoint |
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0396 |
| CVE-2016-8491 |
5.2 |
Fortinet |
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8491 |
| CVE-2016-8492 |
3.6 |
Fortinet |
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8492 |
| CVE-2016-8495 |
5.2 |
Fortinet |
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows a remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the FortiSandbox devices probing feature. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8495 |
| CVE-2016-7541 |
3.6 |
Fortinet |
Long-lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPS engine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7541 |
| CVE-2016-7542 |
3.6 |
Fortinet |
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators' password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7542 |
| CVE-2017-3806 |
3.4 |
Firewall |
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3806 |
| CVE-2017-3807 |
5.9 |
Firewall |
A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid TCP connection is needed to perform the attack. The attacker needs to have valid credentials to log in to the Clientless SSL VPN portal. Vulnerable Cisco ASA Software running on the following products may be affected by this vulnerability: Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ASA for Firepower 4100 Series. Cisco Bug IDs: CSCvc23838. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3807 |
| CVE-2016-8352 |
6.0 |
Firewall |
An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8352 |
| CVE-2017-6411 |
5.9 |
Firewall |
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6411 |
| CVE-2016-5933 |
2.5 |
Firewall |
IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to a possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5933 |
| CVE-2017-11145 |
3.6 |
GIS |
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-11145 |
| CVE-2026-42030 |
2.7 |
GIS |
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The vulnerability is triggered via FORMAT=application/openlayers combined with an unsanitized SRS parameter in WMS 1.3.0 requests. This issue has been patched in version 8.6.2. |
2026-05-14T18:04:33.627 |
https://cve.circl.lu/cve/CVE-2026-42030 |
| CVE-2016-4340 |
5.9 |
GitLab |
The impersonate feature in GitLab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4340 |
| CVE-2016-9469 |
4.2 |
GitLab |
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1, 8.14.2, and 8.14.2-ee. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9469 |
| CVE-2017-0882 |
3.4 |
GitLab |
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0882 |
| CVE-2017-8778 |
2.7 |
GitLab |
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8778 |
| CVE-2017-11437 |
3.6 |
GitLab |
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-11437 |
| CVE-2023-48795 |
3.6 |
Golang |
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. |
2026-05-12T11:16:15.010 |
https://cve.circl.lu/cve/CVE-2023-48795 |
| CVE-2016-5196 |
5.9 |
Google |
The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5196 |
| CVE-2016-5197 |
5.9 |
Google |
The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5197 |
| CVE-2016-5201 |
3.6 |
Google |
A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5201 |
| CVE-2016-6199 |
5.9 |
Gradle |
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6199 |
| CVE-2026-28376 |
3.6 |
Grafana |
The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue. |
2026-05-18T14:57:04.407 |
https://cve.circl.lu/cve/CVE-2026-28376 |
| CVE-2026-28379 |
3.6 |
Grafana |
A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server. |
2026-05-14T19:16:31.880 |
https://cve.circl.lu/cve/CVE-2026-28379 |
| CVE-2026-28383 |
3.6 |
Grafana |
A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service. |
2026-05-14T16:21:02.930 |
https://cve.circl.lu/cve/CVE-2026-28383 |
| CVE-2026-33380 |
4.0 |
Grafana |
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable. |
2026-05-14T16:21:02.930 |
https://cve.circl.lu/cve/CVE-2026-33380 |
| CVE-2017-16522 |
5.9 |
GPT |
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-16522 |
| CVE-2017-16523 |
5.9 |
GPT |
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-16523 |
| CVE-2026-31246 |
2.5 |
GPT |
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper validation. The user-supplied input is directly passed to asyncio.create_subprocess_shell() for execution. This allows an attacker to replace the intended command with arbitrary shell commands, leading to remote code execution with the privileges of the GPT-Pilot process. |
2026-05-13T15:47:35.667 |
https://cve.circl.lu/cve/CVE-2026-31246 |
| CVE-2017-5972 |
3.6 |
GitHub |
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5972 |
| CVE-2017-5135 |
5.2 |
GitHub |
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5135 |
| CVE-2017-8833 |
2.7 |
GitHub |
Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8833 |
| CVE-2017-12581 |
5.9 |
GitHub |
GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-12581 |
| CVE-2017-12963 |
3.6 |
GitHub |
There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-12963 |
| CVE-2016-4383 |
6.0 |
HPE |
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4383 |
| CVE-2017-9987 |
3.6 |
HPE |
There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9987 |
| CVE-2017-13982 |
5.9 |
HPE |
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-13982 |
| CVE-2017-13983 |
5.9 |
HPE |
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-13983 |
| CVE-2017-13984 |
3.6 |
HPE |
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-13984 |
| CVE-2014-0229 |
3.6 |
Hadoop |
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-0229 |
| CVE-2017-7565 |
5.9 |
Hadoop |
Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7565 |
| CVE-2016-6811 |
5.9 |
Hadoop |
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6811 |
| CVE-2017-3161 |
2.7 |
Hadoop |
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3161 |
| CVE-2017-3162 |
3.4 |
Hadoop |
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3162 |
| CVE-2017-7642 |
5.9 |
HashiCorp |
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7642 |
| CVE-2017-11741 |
6.0 |
HashiCorp |
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, which allows local users to execute arbitrary code with root privileges by overwriting one of the scripts. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-11741 |
| CVE-2017-12579 |
5.9 |
HashiCorp |
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-12579 |
| CVE-2017-15884 |
5.9 |
HashiCorp |
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-15884 |
| CVE-2017-16001 |
5.9 |
HashiCorp |
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-16001 |
| CVE-2017-0021 |
6.0 |
Hyper-V |
Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0021 |
| CVE-2017-0051 |
4.0 |
Hyper-V |
Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, and CVE-2017-0099. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0051 |
| CVE-2017-0074 |
4.0 |
Hyper-V |
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0074 |
| CVE-2017-0075 |
6.0 |
Hyper-V |
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0109. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0075 |
| CVE-2017-0076 |
4.0 |
Hyper-V |
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0097, and CVE-2017-0099. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0076 |
| CVE-2016-0265 |
2.7 |
IBM |
IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0265 |
| CVE-2016-0394 |
1.4 |
IBM |
IBM Integration Bus and WebSphere Message Broker set incorrect permissions for an object that could allow a local attacker to manipulate certain files. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0394 |
| CVE-2020-37223 |
5.9 |
IOBit |
IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a malicious executable named IObit.exe in the C:\Program Files (x86)\IObit directory and restart the service to execute code with SYSTEM privileges. |
2026-05-13T17:07:21.030 |
https://cve.circl.lu/cve/CVE-2020-37223 |
| CVE-2017-3359 |
4.7 |
Intel |
Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Intelligence accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3359 |
| CVE-2017-3360 |
4.7 |
Intel |
Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Intelligence accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3360 |
| CVE-2016-0217 |
2.7 |
Intel |
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0217 |
| CVE-2016-0218 |
2.7 |
Intel |
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0218 |
| CVE-2017-3896 |
3.6 |
Intel |
Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3896 |
| CVE-2017-7911 |
5.9 |
IoT |
A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7911 |
| CVE-2017-6780 |
3.6 |
IoT |
A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. The DoS condition will end after the device has finished the restart process. This vulnerability affects the following Cisco products: Connected Grid Network Management System, if running a software release prior to IoT-FND Release 4.0; IoT Field Network Director, if running a software release prior to IoT-FND Release 4.0. Cisco Bug IDs: CSCvc77164. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6780 |
| CVE-2017-16567 |
2.7 |
IoT |
Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality. Exploitation of this vulnerability can lead to Session Hijacking and Credential Theft, Execution of unauthorized actions on behalf of users, and Exfiltration of sensitive data. This vulnerability presents a potential risk for widespread exploitation in connected IoT environments. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-16567 |
| CVE-2026-33356 |
4.0 |
IoT |
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization at per-device scope. |
2026-05-13T15:36:30.533 |
https://cve.circl.lu/cve/CVE-2026-33356 |
| CVE-2017-5600 |
5.9 |
Insight |
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5600 |
| CVE-2017-2765 |
5.9 |
Insight |
EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2765 |
| CVE-2017-5234 |
5.9 |
Insight |
Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5234 |
| CVE-2017-1141 |
1.4 |
Insight |
IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-1141 |
| CVE-2017-1311 |
5.9 |
Insight |
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-1311 |
| CVE-2012-4549 |
2.5 |
Java |
A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans (EJB) method invocation. This allows attackers to bypass intended access restrictions for EJB methods, leading to unauthorized access to sensitive functionalities. |
2026-05-14T23:16:32.133 |
https://cve.circl.lu/cve/CVE-2012-4549 |
| CVE-2012-4550 |
1.4 |
Java |
A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans (EJB) access, the system does not correctly call the necessary authorization modules. This prevents Java Authorization Contract for Containers (JACC) permissions from being applied, allowing remote attackers to gain unauthorized access to EJBs. |
2026-05-14T23:16:34.130 |
https://cve.circl.lu/cve/CVE-2012-4550 |
| CVE-2016-9299 |
5.9 |
Java |
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9299 |
| CVE-2016-5226 |
2.7 |
Java |
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5226 |
| CVE-2016-3101 |
2.7 |
Jenkins |
Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-3101 |
| CVE-2016-3102 |
3.4 |
Jenkins |
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-3102 |
| CVE-2016-4986 |
3.6 |
Jenkins |
Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4986 |
| CVE-2016-4987 |
3.6 |
Jenkins |
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4987 |
| CVE-2026-44413 |
4.2 |
JetBrains |
In JetBrains TeamCity before 2026.12025.11.5 authenticated users could expose server API to unauthorised access |
2026-05-12T19:59:34.543 |
https://cve.circl.lu/cve/CVE-2026-44413 |
| CVE-2016-7929 |
5.9 |
Juniper |
The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header(). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7929 |
| CVE-2017-2312 |
3.6 |
Juniper |
On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. Over time, repeatedly receiving this type of LDP packet(s) will cause the memory to exhaust and the rpd process to crash and restart. It is not possible to free up the memory that has been consumed without restarting the rpd process. This issue affects Junos OS based devices with either IPv4 or IPv6 LDP enabled via the [protocols ldp] configuration (the native IPv6 support for LDP is available in Junos OS 16.1 and higher). The interface on which the packet arrives needs to have LDP enabled. The affected Junos versions are: 13.3 prior to 13.3R10; 14.1 prior to 14.1R8; 14.2 prior to 14.2R7-S6 or 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5; 15.1X49 before 15.1X49-D70; 15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 before 16.1R2. 16.2R1 and all subsequent releases have a resolution for this vulnerability. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2312 |
| CVE-2017-2313 |
3.6 |
Juniper |
Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. The affected Junos OS versions are: 15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D78, 15.1X49-D80; 15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4; 16.2 prior to 16.2R1-S3, 16.2R2; Releases prior to Junos OS 15.1 are unaffected by this vulnerability. 17.1R1, 17.2R1, and all subsequent releases have a resolution for this vulnerability. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2313 |
| CVE-2017-2315 |
3.6 |
Juniper |
On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2315 |
| CVE-2017-2316 |
4.0 |
Juniper |
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2316 |
| CVE-2016-7103 |
2.7 |
JQuery |
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7103 |
| CVE-2015-7943 |
2.7 |
JQuery |
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-7943 |
| CVE-2017-1000170 |
3.6 |
JQuery |
jqueryFileTree 2.1.5 and older Directory Traversal |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-1000170 |
| CVE-2026-43892 |
5.9 |
JQuery |
AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16. |
2026-05-13T18:24:31.310 |
https://cve.circl.lu/cve/CVE-2026-43892 |
| CVE-2026-21821 |
6.0 |
JQuery |
The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk of client-side attacks such as Cross-Site Scripting (XSS) or manipulation through vulnerable third-party components. |
2026-05-14T18:24:08.747 |
https://cve.circl.lu/cve/CVE-2026-21821 |
| CVE-2016-4319 |
5.9 |
Jira |
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4319 |
| CVE-2017-5983 |
5.9 |
Jira |
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5983 |
| CVE-2017-5553 |
2.7 |
JavaScript |
Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5553 |
| CVE-2013-7452 |
2.7 |
JavaScript |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2013-7452 |
| CVE-2015-8857 |
5.9 |
JavaScript |
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-8857 |
| CVE-2017-17383 |
2.7 |
JDK |
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-17383 |
| CVE-2025-53057 |
3.6 |
JDK |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). |
2026-05-12T13:17:21.593 |
https://cve.circl.lu/cve/CVE-2025-53057 |
| CVE-2025-53066 |
3.6 |
JDK |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
2026-05-12T13:17:21.753 |
https://cve.circl.lu/cve/CVE-2025-53066 |
| CVE-2025-61748 |
1.4 |
JDK |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). |
2026-05-12T13:17:23.393 |
https://cve.circl.lu/cve/CVE-2025-61748 |
| CVE-2026-21925 |
2.5 |
JDK |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). |
2026-05-12T13:17:31.180 |
https://cve.circl.lu/cve/CVE-2026-21925 |
| CVE-2017-1541 |
3.4 |
JRE |
A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-1541 |
| CVE-2017-8439 |
2.7 |
Kibana |
Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8439 |
| CVE-2017-8440 |
2.7 |
Kibana |
Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8440 |
| CVE-2015-9056 |
2.7 |
Kibana |
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to an XSS attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-9056 |
| CVE-2016-1000218 |
5.9 |
Kibana |
Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-1000218 |
| CVE-2016-1000219 |
3.6 |
Kibana |
In Kibana before 4.5.4 and 4.1.11, when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-1000219 |
| CVE-2017-1000056 |
5.9 |
Kubernetes |
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-1000056 |
| CVE-2015-7561 |
1.4 |
Kubernetes |
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-7561 |
| CVE-2017-1002100 |
3.6 |
Kubernetes |
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-1002100 |
| CVE-2026-29773 |
1.4 |
Kubernetes |
Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manner, without privilege escalation. An attacker with privileged "AdmissionPolicy" create permissions (which isn't the default) could make use of 3 deprecated host-callback APIs: kubernetes/ingresses, kubernetes/namespaces, kubernetes/services. The attacker can craft a policy that exercises these deprecated API calls and would allow them read access to Ingresses, Namespaces, and Services resources respectively. This attack is read-only, there is no write capability and no access to Secrets, ConfigMaps, or other resource types beyond these three. |
2026-05-13T20:44:20.023 |
https://cve.circl.lu/cve/CVE-2026-29773 |
| CVE-2026-39961 |
4.0 |
Kubernetes |
Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys, service tokens — with a single kubectl apply. The operator reads the victim's secret using its ClusterRole and writes the password into a new secret in the attacker's namespace. The operator acts as a confused deputy: its ServiceAccount has cluster-wide secret read/write (aiven-operator-role ClusterRole), and it trusts user-supplied namespace values in spec.connInfoSecretSource.namespace without validation. No admission webhook enforces this boundary — the ServiceUser webhook returns nil, and no ClickhouseUser webhook exists. This vulnerability is fixed in 0.37.0. |
2026-05-13T16:06:00.737 |
https://cve.circl.lu/cve/CVE-2026-39961 |
| CVE-2016-5119 |
5.9 |
KeePass |
The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5119 |
| CVE-2015-8378 |
3.6 |
KeePass |
In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-8378 |
| CVE-2017-1000066 |
3.6 |
KeePass |
The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-1000066 |
| CVE-2017-9810 |
5.9 |
Kaspersky |
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9810 |
| CVE-2017-9811 |
5.9 |
Kaspersky |
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9811 |
| CVE-2017-9812 |
3.6 |
Kaspersky |
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9812 |
| CVE-2017-9813 |
2.7 |
Kaspersky |
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9813 |
| CVE-2017-12816 |
5.9 |
Kaspersky |
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-12816 |
| CVE-2016-8225 |
5.9 |
Lenovo |
Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8225 |
| CVE-2016-8226 |
3.6 |
Lenovo |
The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8226 |
| CVE-2016-8227 |
5.9 |
Lenovo |
Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8227 |
| CVE-2016-8232 |
2.7 |
Lenovo |
Document Object Model (DOM)-based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8232 |
| CVE-2016-8233 |
5.9 |
Lenovo |
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8233 |
| CVE-2016-6492 |
5.9 |
Linux |
The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driver for Linux allows local users to gain privileges via a crafted application that makes an MT6573FDVTIOC_T_SET_FDCONF_CMD IOCTL call. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6492 |
| CVE-2017-2584 |
5.2 |
Linux |
arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2584 |
| CVE-2016-10147 |
3.6 |
Linux |
crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10147 |
| CVE-2016-5720 |
5.9 |
MSI |
Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5720 |
| CVE-2017-11421 |
5.9 |
MSI |
gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-11421 |
| CVE-2017-12414 |
5.9 |
MSI |
Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-12414 |
| CVE-2017-15590 |
6.0 |
MSI |
An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-15590 |
| CVE-2015-7549 |
4.0 |
MSI |
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-7549 |
| CVE-2016-10086 |
5.2 |
Management |
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10086 |
| CVE-2016-3147 |
5.9 |
Management |
Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-3147 |
| CVE-2016-9012 |
5.9 |
Management |
CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9012 |
| CVE-2026-45003 |
3.6 |
Mattermost |
OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files. |
2026-05-13T14:13:30.933 |
https://cve.circl.lu/cve/CVE-2026-45003 |
| CVE-2026-4053 |
1.4 |
Mattermost |
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields, which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints. Mattermost Advisory ID: MMSA-2026-00631 |
2026-05-18T18:37:37.347 |
https://cve.circl.lu/cve/CVE-2026-4053 |
| CVE-2026-4054 |
1.4 |
Mattermost |
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under a non-SVG Content-Type header (e.g. image/png) embedded in an og:image meta tag or Markdown image link. Mattermost Advisory ID: MMSA-2026-00630 |
2026-05-18T18:36:00.877 |
https://cve.circl.lu/cve/CVE-2026-4054 |
| CVE-2026-28759 |
1.4 |
Mattermost |
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious remote cluster to remove any user from any channel, including private channels, via crafted membership sync messages targeting channels the remote cluster is not authorized to access. Mattermost Advisory ID: MMSA-2026-00576 |
2026-05-18T19:17:19.280 |
https://cve.circl.lu/cve/CVE-2026-28759 |
| CVE-2026-2325 |
1.4 |
Mattermost |
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to /api/v1/meetings. Mattermost Advisory ID: MMSA-2026-00608 |
2026-05-18T19:17:11.097 |
https://cve.circl.lu/cve/CVE-2026-2325 |
| CVE-2016-7544 |
3.6 |
Microsoft |
Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7544 |
| CVE-2017-3823 |
5.9 |
Microsoft |
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programming interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3823 |
| CVE-2017-0038 |
3.6 |
Microsoft |
gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0038 |
| CVE-2016-3104 |
3.6 |
MongoDB |
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-3104 |
| CVE-2014-8180 |
3.6 |
MongoDB |
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-8180 |
| CVE-2017-14227 |
3.6 |
MongoDB |
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-14227 |
| CVE-2017-15535 |
5.2 |
MongoDB |
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-15535 |
| CVE-2026-8431 |
5.9 |
MongoDB |
An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior. |
2026-05-13T15:34:29.847 |
https://cve.circl.lu/cve/CVE-2026-8431 |
| CVE-2016-4338 |
5.9 |
MySQL |
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4338 |
| CVE-2016-5541 |
2.5 |
MySQL |
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 4.8 (Integrity and Availability impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5541 |
| CVE-2016-5590 |
5.9 |
MySQL |
Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS v3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5590 |
| CVE-2016-8318 |
4.0 |
MySQL |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8318 |
| CVE-2016-8327 |
3.6 |
MySQL |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8327 |
| CVE-2016-4617 |
6.0 |
MacOS |
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4617 |
| CVE-2016-4660 |
4.2 |
MacOS |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4660 |
| CVE-2016-4661 |
3.6 |
MacOS |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ntfs" component, which misparses disk images and allows attackers to cause a denial of service via a crafted app. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4661 |
| CVE-2016-4662 |
5.9 |
MacOS |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4662 |
| CVE-2016-4663 |
3.6 |
MacOS |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4663 |
| CVE-2017-3302 |
3.6 |
MariaDB |
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3302 |
| CVE-2026-46446 |
5.5 |
MariaDB |
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin. |
2026-05-14T16:49:18.583 |
https://cve.circl.lu/cve/CVE-2026-46446 |
| CVE-2015-8986 |
3.6 |
Malware |
Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-8986 |
| CVE-2015-8990 |
3.6 |
Malware |
Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-8990 |
| CVE-2015-8991 |
5.9 |
Malware |
Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-8991 |
| CVE-2015-8992 |
5.9 |
Malware |
Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-8992 |
| CVE-2015-8993 |
5.9 |
Malware |
Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-8993 |
| CVE-2026-44987 |
2.5 |
MFA |
SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled (non-default), they can reset the Superusers' passwords and authenticate, if the Superuser has no MFA enabled. User managers can then access the Django backend (/admin) or manipulate the settings of the SysReptor installation. Note that user managers have the ability to access all pentest projects by assigning themselves "Project Admin" permissions. This is intentional and by design. This issue has been patched in version 2026.29. |
2026-05-13T16:49:32.233 |
https://cve.circl.lu/cve/CVE-2026-44987 |
| CVE-2026-43930 |
N/A |
MFA |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password (OTP) login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive valid session tokens, breaking the single-use property of the OTP. The vulnerability requires the attacker to already possess the victim's password and intercept the active SMS OTP (e.g. via SIM swap, network mirror, or phishing relay) and to race the legitimate login request, so the practical attack surface is narrow. This vulnerability is fixed in 8.6.76 and 9.9.0-alpha.2. |
2026-05-13T18:26:47.613 |
https://cve.circl.lu/cve/CVE-2026-43930 |
| CVE-2026-28510 |
5.2 |
Multi-factor Authentication |
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with an attacker-controlled TOTP secret and bypass the additional factor. This could result in unauthorized account access. This issue is fixed in version 5.4.2. |
2026-05-12T13:58:22.663 |
https://cve.circl.lu/cve/CVE-2026-28510 |
| CVE-2026-33833 |
4.7 |
Machine Learning |
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. |
2026-05-13T15:34:52.573 |
https://cve.circl.lu/cve/CVE-2026-33833 |
| CVE-2017-8001 |
5.9 |
MDM |
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8001 |
| CVE-2026-23998 |
3.6 |
MDM |
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Windows device and retrieve sensitive configuration data. Fleet’s Windows MDM management endpoint relies on mutual TLS (mTLS) client certificates to authenticate enrolled devices. In affected versions, requests that did not present a client certificate could be incorrectly treated as trusted. As a result, an attacker with prior knowledge of a valid enrolled device identifier could potentially impersonate that device and receive configuration payloads intended for it. These payloads may contain sensitive information such as Wi-Fi or VPN configuration data, certificates, or other secrets delivered through MDM profiles. This issue does not allow enrollment of new devices, administrative access to Fleet, or compromise of the Fleet control plane. Impact is limited to the targeted Windows device. Version 4.81.0 contains a patch. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM. |
2026-05-15T18:08:13.130 |
https://cve.circl.lu/cve/CVE-2026-23998 |
| CVE-2026-24899 |
N/A |
MDM |
Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not enforce the `aud` (audience) or `iss` (issuer) claims, any Microsoft-signed Azure AD access token containing the expected scopes can be used to authenticate to Fleet's MDM endpoints. If Windows MDM is enabled, an attacker with access to any Azure AD tenant can obtain a valid Microsoft-signed token and use it to enroll unauthorized devices and interact with Fleet's MDM management APIs. During device management, Fleet may expose sensitive enrollment secrets embedded in MDM command payloads, enabling further unauthorized access. Version 4.82.0 contains a patch. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM. |
2026-05-14T21:24:23.440 |
https://cve.circl.lu/cve/CVE-2026-24899 |
| CVE-2013-7460 |
3.6 |
McAfee |
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via specific conditions. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2013-7460 |
| CVE-2013-7461 |
3.6 |
McAfee |
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2013-7461 |
| CVE-2013-7462 |
3.6 |
McAfee |
A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2013-7462 |
| CVE-2014-9920 |
3.6 |
McAfee |
Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-9920 |
| CVE-2017-5461 |
5.9 |
Mozilla |
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5461 |
| CVE-2017-6753 |
5.9 |
Mozilla |
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6753 |
| CVE-2007-5341 |
5.9 |
Mozilla |
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2007-5341 |
| CVE-2017-14632 |
5.9 |
Mozilla |
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-14632 |
| CVE-2017-0428 |
5.9 |
NVIDIA |
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32401526. References: N-CVE-2017-0428. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0428 |
| CVE-2017-0429 |
5.9 |
NVIDIA |
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32636619. References: N-CVE-2017-0429. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0429 |
| CVE-2017-0448 |
3.6 |
NVIDIA |
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0448 |
| CVE-2017-0308 |
6.0 |
NVIDIA |
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation leading to denial of service or escalation of privileges. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0308 |
| CVE-2017-0309 |
6.0 |
NVIDIA |
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0309 |
| CVE-2016-10175 |
5.9 |
Netgear |
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10175 |
| CVE-2016-10176 |
5.9 |
Netgear |
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10176 |
| CVE-2017-6366 |
5.9 |
Netgear |
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6366 |
| CVE-2016-1556 |
3.6 |
Netgear |
Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-1556 |
| CVE-2016-1557 |
5.9 |
Netgear |
Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-1557 |
| CVE-2016-9459 |
2.7 |
Nextcloud |
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9459 |
| CVE-2016-9460 |
1.4 |
Nextcloud |
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9460 |
| CVE-2016-9461 |
1.4 |
Nextcloud |
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9461 |
| CVE-2016-9462 |
1.4 |
Nextcloud |
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9462 |
| CVE-2016-9463 |
5.9 |
Nextcloud |
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional SMB authentication component, not enabled by default, that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to an SMB server and, if that succeeds, considers the user logged in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9463 |
| CVE-2017-8301 |
3.6 |
Nginx |
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8301 |
| CVE-2017-7529 |
3.6 |
Nginx |
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in a leak of potentially sensitive information triggered by a specially crafted request. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7529 |
| CVE-2026-8430 |
5.9 |
Nginx |
SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx configuration scenarios to achieve code execution, and this issue is not mitigated by the SPIP security screen. |
2026-05-13T15:26:44.333 |
https://cve.circl.lu/cve/CVE-2026-8430 |
| CVE-2026-42268 |
3.6 |
Nginx |
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator) uses a rule with any of @verifySSN, @verifyCPF, or @verifySVNR. This vulnerability is fixed in 3.0.15. |
2026-05-14T14:49:57.730 |
https://cve.circl.lu/cve/CVE-2026-42268 |
| CVE-2026-44015 |
4.7 |
Nginx |
Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypassing network segmentation and enabling access to services bound to localhost or internal networks. |
2026-05-14T22:16:43.797 |
https://cve.circl.lu/cve/CVE-2026-44015 |
| CVE-2013-7451 |
2.7 |
Node.js |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2013-7451 |
| CVE-2013-7453 |
2.7 |
Node.js |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2013-7453 |
| CVE-2013-7454 |
2.7 |
Node.js |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2013-7454 |
| CVE-2014-9772 |
2.7 |
Node.js |
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-9772 |
| CVE-2026-29198 |
5.9 |
NoSQL |
In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured. |
2026-05-13T20:39:44.683 |
https://cve.circl.lu/cve/CVE-2026-29198 |
| CVE-2026-44666 |
N/A |
NoSQL |
HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString() function in convertCore.php is missing backtick (`) and tab (\t) from its strip list. User input then reaches shell_exec(), where the shell interprets these characters and commands within filenames execute. This vulnerability is fixed in 3.3.8. |
2026-05-15T15:16:53.630 |
https://cve.circl.lu/cve/CVE-2026-44666 |
| CVE-2017-5230 |
5.9 |
Nexpose |
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5230 |
| CVE-2017-5232 |
5.9 |
Nexpose |
All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5232 |
| CVE-2017-5243 |
6.0 |
Nexpose |
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5243 |
| CVE-2017-5264 |
5.9 |
Nexpose |
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5264 |
| CVE-2016-9260 |
2.7 |
Nessus |
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9260 |
| CVE-2016-9259 |
2.7 |
Nessus |
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9259 |
| CVE-2017-6543 |
5.9 |
Nessus |
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6543 |
| CVE-2017-7199 |
5.9 |
Nessus |
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7199 |
| CVE-2017-7849 |
3.6 |
Nessus |
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7849 |
| CVE-2017-8914 |
3.7 |
NPM |
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8914 |
| CVE-2017-1000219 |
5.9 |
NPM |
npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-1000219 |
| CVE-2016-10703 |
3.6 |
NPM |
A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10703 |
| CVE-2026-45321 |
6.0 |
NPM |
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart. |
2026-05-14T17:05:28.793 |
https://cve.circl.lu/cve/CVE-2026-45321 |
| CVE-2016-7997 |
3.6 |
NULL Pointer |
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7997 |
| CVE-2016-10025 |
3.6 |
NULL Pointer |
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10025 |
| CVE-2016-10087 |
3.6 |
NULL Pointer |
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10087 |
| CVE-2016-6604 |
5.9 |
NULL Pointer |
NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6604 |
| CVE-2017-5991 |
3.6 |
NULL Pointer |
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5991 |
| CVE-2016-6582 |
5.2 |
OAuth |
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6582 |
| CVE-2017-6062 |
4.0 |
OAuth |
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6062 |
| CVE-2017-6413 |
4.0 |
OAuth |
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6413 |
| CVE-2017-4960 |
3.6 |
OAuth |
An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4960 |
| CVE-2016-0781 |
2.7 |
OAuth |
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious JavaScript content in either the OAuth scopes (SCIM groups) or SCIM group descriptions. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0781 |
| CVE-2026-33376 |
5.2 |
Okta |
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask (usually /128) to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here. |
2026-05-14T16:21:02.930 |
https://cve.circl.lu/cve/CVE-2026-33376 |
| CVE-2016-2217 |
1.4 |
OpenSSL |
The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-2217 |
| CVE-2016-7798 |
3.6 |
OpenSSL |
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7798 |
| CVE-2017-5681 |
3.6 |
OpenSSL |
The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5681 |
| CVE-2016-7053 |
3.6 |
OpenSSL |
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7053 |
| CVE-2016-7054 |
3.6 |
OpenSSL |
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7054 |
| CVE-2016-5509 |
1.4 |
Oracle |
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5509 |
| CVE-2016-5528 |
6.0 |
Oracle |
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5528 |
| CVE-2016-5545 |
3.4 |
Oracle |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5545 |
| CVE-2017-0106 |
5.9 |
Outlook |
Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0106 |
| CVE-2017-0204 |
3.6 |
Outlook |
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0204 |
| CVE-2017-0207 |
3.6 |
Outlook |
Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0207 |
| CVE-2017-8545 |
3.6 |
Outlook |
A spoofing vulnerability exists when Microsoft Outlook for Mac does not sanitize HTML properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability". |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8545 |
| CVE-2017-2789 |
5.9 |
Office |
When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2789 |
| CVE-2017-0014 |
5.9 |
Office |
The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0108. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0014 |
| CVE-2017-0019 |
5.9 |
Office |
Microsoft Word 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0019 |
| CVE-2026-42203 |
5.9 |
OpenAI |
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process. The endpoint only checks that the caller presents a valid proxy API key, so any authenticated user could reach it. Depending on how the proxy is deployed, this could expose secrets in the process environment (such as provider API keys or database credentials) and allow commands to be run on the host. This issue has been patched in version 1.83.7. |
2026-05-13T17:14:58.667 |
https://cve.circl.lu/cve/CVE-2026-42203 |
| CVE-2026-44556 |
4.2 |
OpenAI |
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While the primary chat completion endpoint (generate_chat_completion) checks model ownership, group membership, and AccessGrants before allowing a request, the /responses proxy only validates that the user has a valid session via get_verified_user. This allows any authenticated user to interact with any model configured on the instance by sending a POST request to /api/openai/responses with an arbitrary model ID. This vulnerability is fixed in 0.9.0. |
2026-05-19T03:12:44.393 |
https://cve.circl.lu/cve/CVE-2026-44556 |
| CVE-2017-5842 |
3.6 |
OneNote |
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5842 |
| CVE-2017-0197 |
5.9 |
OneNote |
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0197 |
| CVE-2026-22810 |
6.0 |
OneNote |
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that includes file names containing ../../, that are then interpreted as part of the target path when extracting attachments from the .one file. This issue has been patched in version 3.5.7. |
2026-05-18T21:16:39.373 |
https://cve.circl.lu/cve/CVE-2026-22810 |
| CVE-2016-6210 |
3.6 |
OpenSSH |
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6210 |
| CVE-2016-7407 |
5.9 |
OpenSSH |
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7407 |
| CVE-2016-1908 |
5.9 |
OpenSSH |
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-1908 |
| CVE-2017-15906 |
1.4 |
OpenSSH |
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-15906 |
| CVE-2017-8994 |
5.9 |
Orchestration |
An input validation vulnerability in all versions of the HPE Operations Orchestration product prior to 10.80 allows for the execution of code remotely. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8994 |
| CVE-2026-42047 |
4.0 |
Orchestration |
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve() HTTP handler. The serve() handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS, or DELETE fall through to a generic handler that returns diagnostic information. A change introduced in v3.22.0 caused this diagnostic response to include the contents of process.env, exposing any secrets, API keys, or credentials present in the environment. An application is vulnerable if its serve() endpoint is reachable via PATCH, OPTIONS, or DELETE requests, which is common in setups like Next.js Pages Router or Express's app.use(...). Not affected are Next.js App Router handlers that export only GET, POST, and PUT, and applications using the connect worker method. This issue has been fixed in version 3.54.0. To work around this issue if upgrading is not immediately possible, restrict the serve() endpoint at the framework or reverse-proxy layer to accept only GET, POST, and PUT. The Inngest serve() endpoint does not require any other HTTP methods. |
2026-05-13T14:06:01.727 |
https://cve.circl.lu/cve/CVE-2026-42047 |
| CVE-2026-25244 |
5.9 |
Orchestration |
WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution (RCE) in test orchestration. Git permits branch names containing shell metacharacters, and getGitMetadataForAISelection() interpolates these names directly into execSync() calls without sanitization. An attacker can exploit this by supplying a malicious repository (via testOrchestrationOptions.runSmartSelection.source, or the current directory if unset) whose branch name carries a payload, causing the shell to execute arbitrary code. This enables remote code execution on CI/CD servers and developer machines, leading to credential and secret disclosure, source code and SSH key exfiltration, system compromise, and supply chain attacks via tampered build artifacts. The issue has been fixed in version 9.24.0. |
2026-05-18T21:16:39.547 |
https://cve.circl.lu/cve/CVE-2026-25244 |
| CVE-2015-7494 |
1.4 |
Orchestrator |
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-7494 |
| CVE-2016-0202 |
1.4 |
Orchestrator |
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current user's domain. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0202 |
| CVE-2016-0203 |
3.6 |
Orchestrator |
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects to which the user belongs. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0203 |
| CVE-2016-0206 |
1.4 |
Orchestrator |
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0206 |
| CVE-2016-8027 |
6.0 |
Orchestrator |
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8027 |
| CVE-2017-5223 |
3.6 |
PHP |
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5223 |
| CVE-2017-5520 |
5.9 |
PHP |
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5520 |
| CVE-2016-7980 |
5.9 |
PHP |
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7980 |
| CVE-2016-7998 |
5.9 |
PHP |
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7998 |
| CVE-2017-5543 |
5.9 |
PHP |
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5543 |
| CVE-2017-5328 |
3.6 |
Palo Alto |
Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5328 |
| CVE-2017-5329 |
5.9 |
Palo Alto |
Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5329 |
| CVE-2017-5583 |
3.6 |
Palo Alto |
The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5583 |
| CVE-2017-5584 |
2.7 |
Palo Alto |
Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5584 |
| CVE-2017-6356 |
1.4 |
Palo Alto |
Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6356 |
| CVE-2017-2791 |
5.9 |
Powerpoint |
JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for reading file data into. Due to this, the application will read data from the file into an invalid address thus corrupting memory. Under the right conditions, this can lead to code execution under the context of the application. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2791 |
| CVE-2017-0264 |
5.9 |
Powerpoint |
Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0264 |
| CVE-2017-0265 |
5.9 |
Powerpoint |
Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0264. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0265 |
| CVE-2017-8513 |
5.9 |
Powerpoint |
A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability". |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8513 |
| CVE-2017-8742 |
5.9 |
Powerpoint |
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8742 |
| CVE-2016-7036 |
5.9 |
Python |
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7036 |
| CVE-2016-4043 |
3.6 |
Python |
Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4043 |
| CVE-2017-7235 |
5.9 |
Python |
An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7235 |
| CVE-2017-5524 |
1.4 |
Python |
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5524 |
| CVE-2016-5715 |
2.7 |
Phishing |
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6501. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5715 |
| CVE-2017-5474 |
2.7 |
Phishing |
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5474 |
| CVE-2016-6020 |
2.7 |
Phishing |
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6020 |
| CVE-2016-8961 |
2.7 |
Phishing |
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8961 |
| CVE-2016-0214 |
5.9 |
Phishing |
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0214 |
| CVE-2016-5737 |
2.7 |
Puppet |
The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5737 |
| CVE-2015-7331 |
4.7 |
Puppet |
The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-7331 |
| CVE-2016-9686 |
1.4 |
Puppet |
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9686 |
| CVE-2016-2787 |
1.4 |
Puppet |
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-2787 |
| CVE-2026-0300 |
5.9 |
Prisma |
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability. |
2026-05-12T18:47:21.360 |
https://cve.circl.lu/cve/CVE-2026-0300 |
| CVE-2026-0237 |
N/A |
Prisma |
An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands to the browser, bypassing security controls. |
2026-05-13T18:17:47.830 |
https://cve.circl.lu/cve/CVE-2026-0237 |
| CVE-2026-0263 |
N/A |
Prisma |
A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition. Panorama, Cloud NGFW, and Prisma® Access are not impacted by these vulnerabilities. |
2026-05-13T18:17:47.830 |
https://cve.circl.lu/cve/CVE-2026-0263 |
| CVE-2026-0264 |
N/A |
Prisma |
A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability. |
2026-05-13T18:17:47.830 |
https://cve.circl.lu/cve/CVE-2026-0264 |
| CVE-2026-0265 |
N/A |
Prisma |
An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used. The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access® are not impacted by this vulnerability. |
2026-05-13T18:17:47.830 |
https://cve.circl.lu/cve/CVE-2026-0265 |
| CVE-2016-9381 |
6.0 |
QEMU |
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9381 |
| CVE-2016-9637 |
6.0 |
QEMU |
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9637 |
| CVE-2016-10028 |
3.6 |
QEMU |
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10028 |
| CVE-2016-10029 |
3.6 |
QEMU |
The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10029 |
| CVE-2017-6209 |
4.0 |
QEMU |
Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6209 |
| CVE-2017-6335 |
3.6 |
Quantum |
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6335 |
| CVE-2014-9822 |
5.9 |
Quantum |
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-9822 |
| CVE-2016-7530 |
3.6 |
Quantum |
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7530 |
| CVE-2017-10794 |
3.6 |
Quantum |
When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-10794 |
| CVE-2017-11724 |
3.6 |
Quantum |
The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-11724 |
| CVE-2017-5156 |
5.9 |
RDP |
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5156 |
| CVE-2017-4897 |
3.6 |
RDP |
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4897 |
| CVE-2017-9948 |
5.9 |
RDP |
A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9948 |
| CVE-2017-8673 |
3.6 |
RDP |
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8673 |
| CVE-2017-5228 |
5.5 |
Rapid7 |
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5228 |
| CVE-2017-5229 |
5.5 |
Rapid7 |
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5229 |
| CVE-2017-5231 |
5.5 |
Rapid7 |
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5231 |
| CVE-2016-2104 |
2.7 |
Red Hat |
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-2104 |
| CVE-2016-7060 |
3.6 |
Red Hat |
The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7060 |
| CVE-2016-5409 |
3.6 |
Red Hat |
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5409 |
| CVE-2016-6338 |
5.9 |
Red Hat |
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6338 |
| CVE-2016-5401 |
5.9 |
Red Hat |
Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5401 |
| CVE-2017-7969 |
5.9 |
Redis |
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7969 |
| CVE-2017-7970 |
3.6 |
Redis |
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7970 |
| CVE-2017-7971 |
3.6 |
Redis |
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7971 |
| CVE-2017-7972 |
3.4 |
Redis |
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7972 |
| CVE-2017-8083 |
5.9 |
Rootkit |
CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8083 |
| CVE-2017-6341 |
3.6 |
Remote Desktop |
Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6341 |
| CVE-2016-8508 |
3.6 |
Remote Desktop |
Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings on web sites with a special content-type, which could be used by a remote attacker to prevent the Protect warning on their own malicious web site. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8508 |
| CVE-2016-4947 |
1.4 |
Remote Desktop |
Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4947 |
| CVE-2017-2108 |
5.9 |
Remote Desktop |
Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2108 |
| CVE-2017-7440 |
3.6 |
Remote Desktop |
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7440 |
| CVE-2024-36334 |
N/A |
Radeon |
Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution. |
2026-05-15T14:10:17.083 |
https://cve.circl.lu/cve/CVE-2024-36334 |
| CVE-2016-7793 |
5.9 |
Repository |
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7793 |
| CVE-2016-7794 |
5.9 |
Repository |
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7794 |
| CVE-2014-9938 |
5.9 |
Repository |
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-9938 |
| CVE-2017-8386 |
5.9 |
Repository |
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8386 |
| CVE-2016-10075 |
5.9 |
Repo |
The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10075 |
| CVE-2016-5897 |
2.7 |
Repo |
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5897 |
| CVE-2017-5371 |
3.6 |
SAP |
Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5371 |
| CVE-2017-5372 |
3.6 |
SAP |
The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5372 |
| CVE-2016-10079 |
3.6 |
SAP |
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10079 |
| CVE-2017-5997 |
3.6 |
SAP |
The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5997 |
| CVE-2015-8994 |
5.9 |
SAP |
An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode ("opcode" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-8994 |
| CVE-2017-5483 |
5.9 |
SNMP |
The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse(). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5483 |
| CVE-2016-6267 |
5.9 |
SNMP |
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6267 |
| CVE-2015-5677 |
3.6 |
SNMP |
bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-5677 |
| CVE-2014-9695 |
5.9 |
SNMP |
The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-9695 |
| CVE-2017-5517 |
5.9 |
SQL |
SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5517 |
| CVE-2017-5519 |
5.9 |
SQL |
SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5519 |
| CVE-2017-5574 |
5.9 |
SQL |
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5574 |
| CVE-2017-5575 |
5.9 |
SQL |
SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5575 |
| CVE-2017-5569 |
5.9 |
SQL |
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5569 |
| CVE-2016-5958 |
3.6 |
SSL |
IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5958 |
| CVE-2016-5935 |
3.6 |
SSL |
IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5935 |
| CVE-2016-9244 |
3.6 |
SSL |
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9244 |
| CVE-2017-15042 |
3.6 |
STARTTLS |
An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-15042 |
| CVE-2016-1602 |
5.9 |
SUSE |
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-1602 |
| CVE-2017-15638 |
2.5 |
SUSE |
The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-15638 |
| CVE-2017-0030 |
5.9 |
SharePoint |
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0030 |
| CVE-2017-0105 |
3.6 |
SharePoint |
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0105 |
| CVE-2026-44695 |
4.0 |
Slack |
Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a logged-in Outline user complete the callback and link that user's Outline account to the attacker's Slack team_id and user_id. The linked Slack identity can then use the Slack /outline search command as the victim Outline user. This vulnerability is fixed in 1.7.1. |
2026-05-15T20:21:42.197 |
https://cve.circl.lu/cve/CVE-2026-44695 |
| CVE-2017-6803 |
5.9 |
Solarwinds |
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6803 |
| CVE-2017-5198 |
6.0 |
Solarwinds |
SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5198 |
| CVE-2017-5199 |
5.9 |
Solarwinds |
The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5199 |
| CVE-2017-7646 |
3.6 |
Solarwinds |
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7646 |
| CVE-2017-7647 |
5.9 |
Solarwinds |
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7647 |
| CVE-2016-2126 |
3.6 |
Samba |
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-2126 |
| CVE-2017-9461 |
3.6 |
Samba |
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9461 |
| CVE-2017-14746 |
5.9 |
Samba |
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-14746 |
| CVE-2017-15275 |
3.6 |
Samba |
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-15275 |
| CVE-2017-15943 |
1.4 |
Spyware |
The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-15943 |
| CVE-2016-10259 |
3.6 |
Symantec |
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connection pool of an SSL server. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10259 |
| CVE-2016-5313 |
5.9 |
Symantec |
Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5313 |
| CVE-2016-5309 |
3.6 |
Symantec |
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5309 |
| CVE-2016-5310 |
3.6 |
Symantec |
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5310 |
| CVE-2016-5312 |
3.6 |
Symantec |
Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5312 |
| CVE-2016-10324 |
5.9 |
SIP |
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10324 |
| CVE-2016-10325 |
3.6 |
SIP |
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10325 |
| CVE-2016-10326 |
3.6 |
SIP |
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10326 |
| CVE-2017-7853 |
3.6 |
SIP |
In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7853 |
| CVE-2017-3808 |
3.6 |
SIP |
A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3808 |
| CVE-2016-10102 |
5.9 |
SSH |
hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and including 10.25 and all 11.x up to and including 11.14 are verified to be affected. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10102 |
| CVE-2016-10104 |
3.6 |
SSH |
Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10104 |
| CVE-2017-5544 |
3.6 |
SSH |
An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5544 |
| CVE-2017-3310 |
6.0 |
SES |
Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3310 |
| CVE-2016-6329 |
3.6 |
SES |
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6329 |
| CVE-2016-2938 |
2.7 |
SES |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-2938 |
| CVE-2016-2939 |
2.7 |
SES |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-2939 |
| CVE-2016-0270 |
3.6 |
TLS |
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-0270 |
| CVE-2016-5900 |
3.6 |
TLS |
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5900 |
| CVE-2016-10207 |
3.6 |
TLS |
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10207 |
| CVE-2017-2685 |
5.2 |
TLS |
Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2685 |
| CVE-2017-9138 |
5.9 |
Tenda |
There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9138 |
| CVE-2017-9139 |
1.4 |
Tenda |
There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-9139 |
| CVE-2017-14514 |
3.6 |
Tenda |
Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-14514 |
| CVE-2017-14515 |
3.6 |
Tenda |
Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-14515 |
| CVE-2017-16923 |
5.9 |
Tenda |
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-16923 |
| CVE-2026-2695 |
3.4 |
TeamViewer |
A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated users with at least questioner privileges to inject commands in specific instructions. Exploitation could lead to execution of elevated commands on devices connected to the platform. |
2026-05-13T18:10:51.227 |
https://cve.circl.lu/cve/CVE-2026-2695 |
| CVE-2016-9005 |
5.9 |
TAP |
IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9005 |
| CVE-2016-8362 |
3.6 |
TAP |
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8362 |
| CVE-2016-8363 |
6.0 |
TAP |
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-8363 |
| CVE-2014-9680 |
1.4 |
TAP |
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-9680 |
| CVE-2015-8768 |
5.9 |
Ubuntu |
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-8768 |
| CVE-2017-6590 |
5.9 |
Ubuntu |
An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6590 |
| CVE-2017-7184 |
5.9 |
Ubuntu |
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7184 |
| CVE-2016-6110 |
4.0 |
VMware |
IBM Tivoli Storage Manager discloses unencrypted login credentials to VMware vCenter that could be obtained by a local user. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6110 |
| CVE-2016-5711 |
5.9 |
VMware |
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-5711 |
| CVE-2015-4057 |
3.6 |
VMware |
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-4057 |
| CVE-2015-8568 |
4.0 |
VMware |
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-8568 |
| CVE-2016-6368 |
4.0 |
VMware |
A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability affects Cisco Firepower System Software that has one or more file action policies configured and is running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services; Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls; Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances; Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances; Firepower 4100 Series Security Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Series Security Appliances; FirePOWER Threat Defense for Integrated Services Routers (ISRs); Industrial Security Appliance 3000; Sourcefire 3D System Appliances; Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Fixed versions: 5.4.0.10 5.4.1.9 6.0.1.3 6.1.0 6.2.0. Cisco Bug IDs: CSCuz00876. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6368 |
| CVE-2017-5885 |
5.9 |
VNC |
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5885 |
| CVE-2017-7393 |
5.9 |
VNC |
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7393 |
| CVE-2015-8504 |
3.6 |
VNC |
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-8504 |
| CVE-2017-7980 |
5.9 |
VNC |
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7980 |
| CVE-2017-4933 |
5.9 |
VNC |
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-4933 |
| CVE-2014-2045 |
2.7 |
VPN |
Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2014-2045 |
| CVE-2016-1920 |
3.6 |
VPN |
Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-1920 |
| CVE-2026-41109 |
5.9 |
Visual Studio |
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network. |
2026-05-15T15:27:35.300 |
https://cve.circl.lu/cve/CVE-2026-41109 |
| CVE-2026-41610 |
4.0 |
Visual Studio |
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. |
2026-05-15T15:11:18.460 |
https://cve.circl.lu/cve/CVE-2026-41610 |
| CVE-2026-41611 |
5.9 |
Visual Studio |
Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally. |
2026-05-15T15:05:19.573 |
https://cve.circl.lu/cve/CVE-2026-41611 |
| CVE-2026-41612 |
3.6 |
Visual Studio |
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. |
2026-05-15T14:25:28.623 |
https://cve.circl.lu/cve/CVE-2026-41612 |
| CVE-2026-41613 |
5.9 |
Visual Studio |
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. |
2026-05-15T14:23:50.983 |
https://cve.circl.lu/cve/CVE-2026-41613 |
| CVE-2017-3290 |
5.8 |
VirtualBox |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 7.9 (Integrity and Availability impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3290 |
| CVE-2017-3316 |
6.0 |
VirtualBox |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3316 |
| CVE-2017-3332 |
5.8 |
VirtualBox |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: VirtualBox SVGA Emulation). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Integrity and Availability impacts). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3332 |
| CVE-2017-3513 |
1.4 |
VirtualBox |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3513 |
| CVE-2017-0095 |
6.0 |
VS Code |
Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0021. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0095 |
| CVE-2017-11170 |
5.9 |
VS Code |
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-11170 |
| CVE-2024-38587 |
1.4 |
VS Code |
In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof() vs ARRAY_SIZE() bug. The "buf" pointer is an array of u16 values. This code should be using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512), otherwise it can still go out of bounds. |
2026-05-12T12:16:53.990 |
https://cve.circl.lu/cve/CVE-2024-38587 |
| CVE-2024-57901 |
3.6 |
VS Code |
In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK. Blamed commit forgot MSG_PEEK case, allowing a crash as found by syzbot. Rework vlan_get_protocol_dgram() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. |
2026-05-12T13:16:23.287 |
https://cve.circl.lu/cve/CVE-2024-57901 |
| CVE-2017-8865 |
3.6 |
VoIP |
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8865 |
| CVE-2017-8866 |
3.6 |
VoIP |
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8866 |
| CVE-2017-6094 |
5.9 |
VoIP |
CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algorithm used to compute the "chk" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid "chk" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6094 |
| CVE-2017-5953 |
5.9 |
Vim |
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5953 |
| CVE-2017-6349 |
5.9 |
Vim |
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6349 |
| CVE-2017-6350 |
5.9 |
Vim |
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6350 |
| CVE-2017-5870 |
2.7 |
Vim |
Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5870 |
| CVE-2017-6086 |
5.9 |
Vim |
Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6086 |
| CVE-2016-6648 |
3.6 |
Virtual Machine |
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6648 |
| CVE-2016-6649 |
5.9 |
Virtual Machine |
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6649 |
| CVE-2016-9314 |
5.9 |
Virtual Machine |
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9314 |
| CVE-2017-6513 |
6.0 |
Virtual Machine |
The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-6513 |
| CVE-2017-0058 |
3.6 |
Win32k |
A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0058 |
| CVE-2017-0188 |
1.4 |
Win32k |
A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0189. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0188 |
| CVE-2017-8577 |
5.9 |
Win32k |
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8577 |
| CVE-2017-8578 |
5.9 |
Win32k |
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8578 |
| CVE-2017-8580 |
5.9 |
Win32k |
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8580 |
| CVE-2016-9312 |
3.6 |
Windows |
ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9312 |
| CVE-2016-9811 |
3.6 |
Windows |
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9811 |
| CVE-2017-5487 |
1.4 |
WordPress |
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5487 |
| CVE-2017-5488 |
2.7 |
WordPress |
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5488 |
| CVE-2017-5489 |
5.9 |
WordPress |
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5489 |
| CVE-2017-5490 |
2.7 |
WordPress |
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5490 |
| CVE-2017-5491 |
1.4 |
WordPress |
wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5491 |
| CVE-2024-26897 |
3.6 |
WMI |
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete. The ath9k_wmi_event_tasklet() used in ath9k_htc assumes that all the data structures have been fully initialised by the time it runs. However, because of the order in which things are initialised, this is not guaranteed to be the case, because the device is exposed to the USB subsystem before the ath9k driver initialisation is completed. We already committed a partial fix for this in commit: 8b3046abc99e ("ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()"). However, that commit only aborted the WMI_TXSTATUS_EVENTID command in the event tasklet, pairing it with an "initialisation complete" bit in the TX struct. It seems syzbot managed to trigger the race for one of the other commands as well, so let's just move the existing synchronisation bit to cover the whole tasklet (setting it at the end of ath9k_htc_probe_device() instead of inside ath9k_tx_init()). |
2026-05-12T12:16:24.847 |
https://cve.circl.lu/cve/CVE-2024-26897 |
| CVE-2024-36004 |
3.6 |
WMI |
In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue. Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being triggered. This seems to be because of the i40e driver workqueue is allocated with the WQ_MEM_RECLAIM flag, and the i40iw one is not. Similar error was encountered on ice too and it was fixed by removing the flag. Do the same for i40e too. |
2026-05-12T12:16:46.777 |
https://cve.circl.lu/cve/CVE-2024-36004 |
| CVE-2026-43298 |
3.6 |
WMI |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip vcn poison irq release on VF. VF doesn't enable VCN poison irq in VCNv2.5. Skip releasing it and avoid call trace during deinitialization. |
2026-05-15T14:53:00.510 |
https://cve.circl.lu/cve/CVE-2026-43298 |
| CVE-2022-23650 |
5.9 |
WireGuard |
Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 0.10.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter knows the address and username of the admin. This affects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds. |
2026-05-18T16:44:17.500 |
https://cve.circl.lu/cve/CVE-2022-23650 |
| CVE-2022-36110 |
5.9 |
WireGuard |
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1. |
2026-05-18T16:44:17.500 |
https://cve.circl.lu/cve/CVE-2022-36110 |
| CVE-2023-32077 |
3.6 |
WireGuard |
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server. |
2026-05-18T16:44:17.500 |
https://cve.circl.lu/cve/CVE-2023-32077 |
| CVE-2023-32078 |
3.6 |
WireGuard |
Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server. |
2026-05-18T16:44:17.500 |
https://cve.circl.lu/cve/CVE-2023-32078 |
| CVE-2023-32079 |
5.9 |
WireGuard |
Netmaker makes networks with WireGuard. A mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server. |
2026-05-18T16:44:17.500 |
https://cve.circl.lu/cve/CVE-2023-32079 |
| CVE-2017-3794 |
5.9 |
Webex |
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3794 |
| CVE-2017-3795 |
2.5 |
Webex |
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3795 |
| CVE-2017-3796 |
5.9 |
Webex |
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3796 |
| CVE-2017-3797 |
1.4 |
Webex |
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3797 |
| CVE-2017-3799 |
2.7 |
Webex |
A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3799 |
| CVE-2016-9379 |
5.8 |
Xen |
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9379 |
| CVE-2016-9380 |
5.8 |
Xen |
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9380 |
| CVE-2016-9382 |
5.9 |
Xen |
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9382 |
| CVE-2016-9383 |
6.0 |
Xen |
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9383 |
| CVE-2026-45036 |
5.9 |
Xterm |
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. The ZModemMiddleware in tabby-terminal consumes all session output through a Zmodem.Sentry, and when a ZMODEM ZRQINIT header is detected, unconditionally calls detection.confirm() and writes a fixed ZRINIT response ( **\x18B0100000023be50\r\n\x11) back into the active PTY as input. When the process that triggered the detection (e.g., cat) exits, the injected bytes are consumed by the user's shell as a command line. Under fish (default configuration), the ** prefix triggers recursive glob expansion against the current directory, allowing an attacker-placed executable at a matching nested path (e.g., d/xB0100000023be50) to be executed by relative pathname without relying on PATH. Under bash and zsh, a secondary xterm.js terminal color-query feedback (OSC 10) can be combined in the same file to inject a slash-containing command word that similarly bypasses PATH resolution. An attacker can exploit this by providing a crafted file (e.g., in a cloned Git repository) that a user displays with cat, achieving code execution with no interaction beyond viewing the file. This vulnerability is fixed in 1.0.233. |
2026-05-18T19:34:25.260 |
https://cve.circl.lu/cve/CVE-2026-45036 |
| CVE-2017-2578 |
2.7 |
XSS |
In Moodle 3.x, there is XSS in the assignment submission page. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-2578 |
| CVE-2017-3798 |
2.7 |
XSS |
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3798 |
| CVE-2017-5875 |
2.7 |
XSS |
XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5875 |
| CVE-2016-9385 |
4.0 |
X86 |
The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9385 |
| CVE-2016-9386 |
5.9 |
X86 |
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-9386 |
| CVE-2017-0244 |
5.9 |
X64 |
The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka "Windows Kernel Elevation of Privilege Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0244 |
| CVE-2017-0246 |
5.9 |
X64 |
The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka "Win32k Elevation of Privilege Vulnerability." |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-0246 |
| CVE-2017-8552 |
5.9 |
X64 |
A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of privilege when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE is unique from CVE-2017-0263. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-8552 |
| CVE-2024-35849 |
5.2 |
X64 |
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak for in btrfs_ioctl_logical_to_ino(): BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40 instrument_copy_to_user include/linux/instrumented.h:114 [inline] _copy_to_user+0xbc/0x110 lib/usercopy.c:40 copy_to_user include/linux/uaccess.h:191 [inline] btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499 btrfs_ioctl+0x714/0x1260 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890 x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: __kmalloc_large_node+0x231/0x370 mm/slub.c:3921 __do_kmalloc_node mm/slub.c:3954 [inline] __kmalloc_node+0xb07/0x1060 mm/slub.c:3973 kmalloc_node include/linux/slab.h:648 [inline] kvmalloc_node+0xc0/0x2d0 mm/util.c:634 kvmalloc include/linux/slab.h:766 [inline] init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779 btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480 btrfs_ioctl+0x714/0x1260 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890 x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Bytes 40-65535 of 65536 are uninitialized Memory access of size 65536 starts at ffff888045a40000 This happens, because we're copying a 'struct btrfs_data_container' back to user-space. This btrfs_data_container is allocated in 'init_data_container()' via kvmalloc(), which does not zero-fill the memory. Fix this by using kvzalloc() which zeroes out the memory on allocation. |
2026-05-12T12:16:37.930 |
https://cve.circl.lu/cve/CVE-2024-35849 |
| CVE-2024-38596 |
3.6 |
X64 |
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on the reader side, unix_stream_sendmsg() does not read it atomically. Consequently, this issue is causing the following KCSAN splat to occur: BUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg write (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28: unix_release_sock (net/unix/af_unix.c:640) unix_release (net/unix/af_unix.c:1050) sock_close (net/socket.c:659 net/socket.c:1421) __fput (fs/file_table.c:422) __fput_sync (fs/file_table.c:508) __se_sys_close (fs/open.c:1559 fs/open.c:1541) __x64_sys_close (fs/open.c:1541) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) read to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14: unix_stream_sendmsg (net/unix/af_unix.c:2273) __sock_sendmsg (net/socket.c:730 net/socket.c:745) ____sys_sendmsg (net/socket.c:2584) __sys_sendmmsg (net/socket.c:2638 net/socket.c:2724) __x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) value changed: 0x01 -> 0x03 The line numbers are related to commit dd5a440a31fa ("Linux 6.9-rc7"). Commit e1d09c2c2f57 ("af_unix: Fix data races around sk->sk_shutdown.") addressed a comparable issue in the past regarding sk->sk_shutdown. However, it overlooked resolving this particular data path. This patch only offending unix_stream_sendmsg() function, since the other reads seem to be protected by unix_state_lock() as discussed in |
2026-05-12T12:16:54.490 |
https://cve.circl.lu/cve/CVE-2024-38596 |
| CVE-2017-3732 |
3.6 |
X86_64 |
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-3732 |
| CVE-2016-7062 |
5.9 |
X86_64 |
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-7062 |
| CVE-2017-17879 |
5.9 |
X86_64 |
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-17879 |
| CVE-2017-17880 |
5.9 |
X86_64 |
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-17880 |
| CVE-2016-6600 |
5.9 |
Zoho |
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6600 |
| CVE-2016-6601 |
3.6 |
Zoho |
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6601 |
| CVE-2016-6602 |
5.9 |
Zoho |
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6602 |
| CVE-2016-6603 |
5.9 |
Zoho |
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-6603 |
| CVE-2016-4888 |
2.7 |
Zoho |
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-4888 |
| CVE-2015-2888 |
5.9 |
Zoom |
Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-2888 |
| CVE-2015-2889 |
5.9 |
Zoom |
Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-2889 |
| CVE-2017-15048 |
5.9 |
Zoom |
Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-15048 |
| CVE-2017-15049 |
5.9 |
Zoom |
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-15049 |
| CVE-2025-27441 |
2.5 |
Zoom |
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. |
2026-05-15T19:16:56.747 |
https://cve.circl.lu/cve/CVE-2025-27441 |
| CVE-2016-10227 |
3.6 |
Zyxel |
Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10227 |
| CVE-2017-7964 |
6.0 |
Zyxel |
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-7964 |
| CVE-2016-10401 |
5.9 |
Zyxel |
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10401 |
| CVE-2015-7256 |
3.6 |
Zyxel |
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2015-7256 |
| CVE-2017-15226 |
5.9 |
Zyxel |
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-15226 |
| CVE-2017-5367 |
2.7 |
ZoneMinder |
Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others). |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5367 |
| CVE-2017-5595 |
3.6 |
ZoneMinder |
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2017-5595 |
| CVE-2016-10201 |
2.7 |
ZoneMinder |
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. |
2026-05-13T00:24:29.033 |
https://cve.circl.lu/cve/CVE-2016-10201 |