Latest CVE Feed
-
6.1
MEDIUMCVE-2016-9257
In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Log... Read more
Affected Products : big-ip_access_policy_manager- Published: May. 09, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2016-9256
In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a r... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_websafe- Published: May. 09, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2016-9253
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_websafe- Published: May. 09, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2016-9251
In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_websafe- Published: May. 09, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2016-6799
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a m... Read more
Affected Products : cordova- Published: May. 09, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGHCVE-2017-0290
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 17... Read more
- Published: May. 09, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2017-4982
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system.... Read more
Affected Products : mainframe_enablers_resourcepak_base- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
3.5
LOWCVE-2017-0895
Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.... Read more
Affected Products : nextcloud_server- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-0894
Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.... Read more
Affected Products : nextcloud_server- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-0893
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs... Read more
Affected Products : nextcloud_server- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-0892
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.... Read more
Affected Products : nextcloud_server- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-0891
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.... Read more
Affected Products : nextcloud_server- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-0890
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.... Read more
Affected Products : nextcloud_server- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2016-8209
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and rel... Read more
- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGHCVE-2016-8202
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via ... Read more
Affected Products : fabric_operating_system- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2016-10369
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).... Read more
Affected Products : lxterminal- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-8848
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.... Read more
- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6953
Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe.... Read more
Affected Products : smartdiag_diagnosis_tool- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
7.0
HIGHCVE-2017-6051
An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the ... Read more
Affected Products : visualview_hmi- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-8825
A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail address... Read more
Affected Products : libetpan- Published: May. 08, 2017
- Modified: Apr. 20, 2025