Latest CVE Feed
-
9.8
CRITICALCVE-2017-11414
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id'].... Read more
Affected Products : fiyo_cms- EPSS Score: %0.23
- Published: Jul. 18, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-1141
IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907.... Read more
Affected Products : insights_foundation_for_energy- EPSS Score: %0.18
- Published: Apr. 28, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGHCVE-2017-11396
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.... Read more
Affected Products : interscan_web_security_virtual_appliance- EPSS Score: %0.88
- Published: Sep. 22, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-11327
An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload.... Read more
Affected Products : tilde_cms- EPSS Score: %0.26
- Published: Jul. 24, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-11353
yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys.... Read more
Affected Products : yadm- EPSS Score: %0.17
- Published: Jul. 17, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-1130
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.... Read more
- EPSS Score: %65.48
- Published: Sep. 05, 2017
- Modified: Apr. 20, 2025
-
2.9
LOWCVE-2017-1124
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053.... Read more
Affected Products : maximo_asset_management- EPSS Score: %0.05
- Published: Mar. 07, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-11194
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject... Read more
Affected Products : pulse_connect_secure- EPSS Score: %0.24
- Published: Jul. 12, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-11159
Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.d... Read more
- EPSS Score: %0.16
- Published: Aug. 23, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGHCVE-2017-11092
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can potentially occur.... Read more
Affected Products : android- EPSS Score: %0.09
- Published: Nov. 16, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-11098
When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c.... Read more
Affected Products : swftools- EPSS Score: %0.41
- Published: Jul. 07, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-11059
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different threads during SHA operations may potentially lead to a buffer overflow.... Read more
Affected Products : android- EPSS Score: %0.02
- Published: Oct. 10, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-11029
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer,... Read more
Affected Products : android- EPSS Score: %0.02
- Published: Nov. 16, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-1101
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with... Read more
Affected Products : rational_quality_manager- EPSS Score: %0.27
- Published: Jun. 13, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-1100
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with... Read more
Affected Products : rational_quality_manager- EPSS Score: %0.27
- Published: Jun. 13, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-11002
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur.... Read more
Affected Products : android- EPSS Score: %0.10
- Published: Sep. 21, 2017
- Modified: Apr. 20, 2025
-
6.4
MEDIUMCVE-2017-10418
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleSoft CDA). The supported version that is affected is 8.56. Easily exploitable vulnerability allows low privileged attacker with network ... Read more
Affected Products : peoplesoft_enterprise_peopletools- EPSS Score: %0.21
- Published: Oct. 19, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-10991
The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.... Read more
- EPSS Score: %0.21
- Published: Jul. 07, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-10976
When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c.... Read more
Affected Products : swftools- EPSS Score: %0.33
- Published: Jul. 06, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-10901
Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.... Read more
- EPSS Score: %0.70
- Published: Dec. 01, 2017
- Modified: Apr. 20, 2025