Total
4973 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7798 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. | |||||
| CVE-2017-3967 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames. | |||||
| CVE-2017-3907 | 1 Mcafee | 1 Mcafee Threat Intelligence Exchange | 2024-11-21 | 7.5 HIGH | 5.4 MEDIUM |
| Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector. | |||||
| CVE-2017-20099 | 1 Analytics Stats Counter Statistics Project | 1 Analytics Stats Counter Statistics | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely. | |||||
| CVE-2017-20095 | 1 Simple Ads Manager Project | 1 Simple Ads Manager | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely. | |||||
| CVE-2017-20086 | 1 Automattic | 1 Vaultpress | 2024-11-21 | 6.0 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely. | |||||
| CVE-2017-20064 | 1 Elefantcms | 1 Elefant Cms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /designer/add/layout. The manipulation leads to code injection. The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-1789 | 1 Ibm | 1 Tivoli Monitoring | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034. | |||||
| CVE-2017-1753 | 1 Ibm | 6 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 3 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655. | |||||
| CVE-2017-1721 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
| IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810. | |||||
| CVE-2017-1329 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231. | |||||
| CVE-2017-1248 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628. | |||||
| CVE-2017-1242 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524. | |||||
| CVE-2017-18924 | 1 Oauth2-server Project | 1 Oauth2-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not misleading and I also therefore wouldn't describe this as a "vulnerability" with the library per se. | |||||
| CVE-2017-18468 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). | |||||
| CVE-2017-18356 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection involving the includes/shortcodes/class-wc-shortcode-products.php WC_Shortcode_Products::get_products() use of cached queries within shortcodes. | |||||
| CVE-2017-18113 | 1 Atlassian | 2 Data Center, Jira | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability. The vulnerability allowed for various problematic OSWorkflow classes to be used as part of workflows. The fix for this issue blocks usage of unsafe conditions, validators, functions and registers that are build-in into OSWorkflow library and other Jira dependencies. Atlassian-made functions or functions provided by 3rd party plugins are not affected by this fix. | |||||
| CVE-2017-18108 | 1 Atlassian | 1 Crowd | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection. | |||||
| CVE-2017-17098 | 1 Gps-server | 1 Gps Tracking Software | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request. | |||||
| CVE-2017-16905 | 2 Duolingo, Google | 2 Tinycards, Android | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack. | |||||