Total
7171 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13877 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app. | |||||
| CVE-2017-12723 | 1 Smiths-medical | 1 Medfusion 4000 Wireless Syringe Infusion Pump | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications. | |||||
| CVE-2017-12175 | 1 Redhat | 1 Satellite | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality. | |||||
| CVE-2017-12165 | 1 Redhat | 2 Jboss Enterprise Application Platform, Undertow | 2024-11-21 | 5.0 MEDIUM | 2.6 LOW |
| It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. | |||||
| CVE-2017-12092 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated packet to trigger this vulnerability. | |||||
| CVE-2017-1000401 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 1.2 LOW | 2.2 LOW |
| The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files. Form validation for <f:password/> is now always sent via POST, which is typically not logged. | |||||
| CVE-2016-9581 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 6.8 MEDIUM | 3.3 LOW |
| An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. | |||||
| CVE-2016-9580 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 6.8 MEDIUM | 3.3 LOW |
| An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. | |||||
| CVE-2016-9062 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
| CVE-2016-8651 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | 2.7 LOW | 3.1 LOW |
| An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image. | |||||
| CVE-2016-8623 | 1 Haxx | 1 Curl | 2024-11-21 | 5.0 MEDIUM | 3.3 LOW |
| A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. | |||||
| CVE-2016-8622 | 1 Haxx | 1 Libcurl | 2024-11-21 | 7.5 HIGH | 3.7 LOW |
| The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer. | |||||
| CVE-2016-8617 | 1 Haxx | 1 Curl | 2024-11-21 | 4.4 MEDIUM | 3.3 LOW |
| The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. | |||||
| CVE-2016-8616 | 1 Haxx | 1 Curl | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password. | |||||
| CVE-2016-8609 | 1 Redhat | 1 Keycloak | 2024-11-21 | 5.8 MEDIUM | 3.7 LOW |
| It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks. | |||||
| CVE-2016-8535 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found. | |||||
| CVE-2016-7061 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. | |||||
| CVE-2016-6586 | 1 Symantec | 1 Norton Mobile Security | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist. | |||||
| CVE-2016-6542 | 1 Ieasytec | 1 Itrackeasy | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address. | |||||
| CVE-2016-6539 | 1 Thetrackr | 2 Trackr, Trackr Firmware | 2024-11-21 | 3.3 LOW | 3.5 LOW |
| The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. | |||||