Latest CVE Feed
-
7.5
HIGHCVE-2017-8019
An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service s... Read more
Affected Products : scaleio- EPSS Score: %2.75
- Published: Nov. 28, 2017
- Modified: Apr. 20, 2025
-
4.2
MEDIUMCVE-2015-7269
Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, ... Read more
- EPSS Score: %0.06
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
4.2
MEDIUMCVE-2015-7268
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDr... Read more
Affected Products : 850_pro_firmware pm851_firmware st500lt015_firmware st500lt025_firmware 850_pro pm851 st500lt015 st500lt025- EPSS Score: %0.06
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
4.2
MEDIUMCVE-2015-7267
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitu... Read more
Affected Products : 850_pro_firmware pm851_firmware st500lt015_firmware st500lt025_firmware 850_pro pm851 st500lt015 st500lt025- EPSS Score: %0.06
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-1628
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.... Read more
Affected Products : business_process_manager- EPSS Score: %0.30
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-1570
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.... Read more
- EPSS Score: %0.18
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-1560
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl... Read more
Affected Products : rational_doors_next_generation- EPSS Score: %0.27
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-1461
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl... Read more
Affected Products : rational_doors_next_generation- EPSS Score: %0.27
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-1251
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.... Read more
- EPSS Score: %0.13
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-1240
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.... Read more
- EPSS Score: %0.18
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2016-6024
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.... Read more
- EPSS Score: %0.13
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
8.1
HIGHCVE-2017-15055
TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arb... Read more
Affected Products : teampass- EPSS Score: %0.34
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
4.9
MEDIUMCVE-2017-15052
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administra... Read more
Affected Products : teampass- EPSS Score: %0.24
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-14586
The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability.... Read more
Affected Products : hipchat- EPSS Score: %2.51
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGHCVE-2017-14585
A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server star... Read more
- EPSS Score: %1.75
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-8031
An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particul... Read more
- EPSS Score: %0.42
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-0910
In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.... Read more
Affected Products : zulip_server- EPSS Score: %0.24
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-1001004
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.... Read more
Affected Products : typed_function- EPSS Score: %0.75
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-1001003
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.... Read more
Affected Products : mathjs- EPSS Score: %0.49
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-1001002
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.... Read more
- EPSS Score: %1.04
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025