Total: 31857 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-1000483 | 1 Plone | 1 Plone | 2024-11-21 | N/A |
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5. | ||||
CVE-2017-1000451 | 1 Fs-git Project | 1 Fs-git | 2024-11-21 | N/A |
fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec. | ||||
CVE-2017-1000438 | 1 Openmicroscopy | 1 Omero | 2024-11-21 | N/A |
In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data. | ||||
CVE-2017-1000424 | 1 Atom | 1 Electron | 2024-11-21 | N/A |
Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control. | ||||
CVE-2017-0751 | 1 Google | 1 Android | 2024-11-21 | N/A |
An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061. | ||||
CVE-2017-0744 | 1 Google | 1 Android | 2024-11-21 | N/A |
An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744. | ||||
CVE-2017-0431 | 1 Google | 1 Android | 2024-11-21 | N/A |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899. | ||||
CVE-2017-0371 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 High |
MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute. | ||||
CVE-2017-0359 | 2 Debian, Reproducible Builds | 2 Debian Linux, Diffoscope | 2024-11-21 | 9.8 Critical |
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive. | ||||
CVE-2016-9652 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 9.8 Critical |
Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75. | ||||
CVE-2016-8518 | 1 Hp | 1 Systems Insight Manager | 2024-11-21 | N/A |
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | ||||
CVE-2016-8516 | 1 Hp | 1 Systems Insight Manager | 2024-11-21 | N/A |
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | ||||
CVE-2016-6813 | 1 Apache | 1 Cloudstack | 2024-11-21 | 9.8 Critical |
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources. | ||||
CVE-2016-5194 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 9.8 Critical |
Unspecified vulnerabilities in Google Chrome before 54.0.2840.59. | ||||
CVE-2016-4606 | 2 Apple, Haxx | 2 Mac Os X, Curl | 2024-11-21 | 9.8 Critical |
Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. | ||||
CVE-2016-4427 | 1 Zulip | 1 Zulip | 2024-11-21 | 7.5 High |
In zulip before 1.3.12, deactivated users could access messages if SSO was enabled. | ||||
CVE-2016-4426 | 1 Zulip | 1 Zulip | 2024-11-21 | 4.3 Medium |
In zulip before 1.3.12, bot API keys were accessible to other users in the same realm. | ||||
CVE-2016-20010 | 1 Ewww | 1 Image Optimizer | 2024-11-21 | 10.0 Critical |
EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5. | ||||
CVE-2016-20006 | 1 Rest/json Project | 1 Rest/json | 2024-11-21 | 7.5 High |
The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
CVE-2016-1239 | 1 Debian | 1 Duck | 2024-11-21 | 9.8 Critical |
duck before 0.10 did not properly handle loading of untrusted code from the current directory. |