SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.13%
Published
2017-05-31
Updated
2017-06-09
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.12%
Published
2017-05-31
Updated
2017-06-09
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.15%
Published
2017-05-31
Updated
2017-06-08
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.21%
Published
2017-05-31
Updated
2019-10-03
Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-05-29
Updated
2017-06-08
RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.12%
Published
2017-05-29
Updated
2017-06-08
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.47%
Published
2017-05-29
Updated
2017-06-06
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.82%
Published
2017-05-29
Updated
2017-11-23
Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.09%
Published
2017-05-29
Updated
2017-11-24
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.
Source: MITRE
Max CVSS
5.4
EPSS Score
0.07%
Published
2017-05-29
Updated
2017-06-08
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-05-29
Updated
2017-06-08
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-05-29
Updated
2017-06-08
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.11%
Published
2017-05-29
Updated
2017-06-08
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.44%
Published
2017-05-29
Updated
2019-10-03
Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.09%
Published
2017-05-29
Updated
2017-10-05
Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter).
Source: MITRE
Max CVSS
6.1
EPSS Score
0.09%
Published
2017-05-29
Updated
2017-06-08
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
Source: MITRE
Max CVSS
6.1
EPSS Score
0.17%
Published
2017-05-29
Updated
2017-07-17
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
Source: MITRE
Max CVSS
6.5
EPSS Score
91.50%
Published
2017-05-29
Updated
2022-06-13
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
Source: MITRE
Max CVSS
9.8
EPSS Score
1.85%
Published
2017-05-29
Updated
2019-10-03
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.43%
Published
2017-05-29
Updated
2019-10-03
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.25%
Published
2017-05-29
Updated
2018-01-05
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.08%
Published
2017-05-29
Updated
2019-10-03
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.08%
Published
2017-05-29
Updated
2019-10-03
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-05-28
Updated
2017-06-08
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-05-28
Updated
2017-06-08
1010 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!