| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1051 |
CVE-2016-6804 |
264 |
|
Exec Code |
2017-11-20 |
2019-11-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon. |
|
1052 |
CVE-2016-6803 |
426 |
|
|
2017-11-13 |
2017-11-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit. |
|
1053 |
CVE-2016-6024 |
200 |
|
+Info |
2017-11-27 |
2017-12-14 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868. |
|
1054 |
CVE-2016-3048 |
79 |
|
XSS |
2017-11-01 |
2017-11-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711. |
|
1055 |
CVE-2016-0872 |
255 |
|
|
2017-11-07 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext. |
|
1056 |
CVE-2015-7878 |
79 |
|
XSS |
2017-11-06 |
2017-11-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names. |
|
1057 |
CVE-2015-7529 |
59 |
|
+Priv +Info |
2017-11-06 |
2019-09-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. |
|
1058 |
CVE-2015-7501 |
502 |
|
Exec Code |
2017-11-09 |
2020-07-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. |
|
1059 |
CVE-2015-7269 |
254 |
|
Bypass |
2017-11-27 |
2017-12-20 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack." |
|
1060 |
CVE-2015-7268 |
254 |
|
Bypass |
2017-11-27 |
2017-12-20 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack." |
|
1061 |
CVE-2015-7267 |
254 |
|
Bypass |
2017-11-27 |
2017-12-20 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack." |
|
1062 |
CVE-2015-3934 |
89 |
|
Exec Code Sql |
2017-11-21 |
2017-12-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login. |
|
1063 |
CVE-2015-3933 |
89 |
|
Exec Code Sql |
2017-11-08 |
2017-11-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. |
|
1064 |
CVE-2014-4000 |
94 |
|
Exec Code |
2017-11-15 |
2017-11-29 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). |
|
1065 |
CVE-2014-3150 |
254 |
|
+Info |
2017-11-15 |
2017-12-05 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. |
|
1066 |
CVE-2014-2845 |
295 |
|
|
2017-11-15 |
2019-12-11 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. |
|
1067 |
CVE-2014-0219 |
20 |
|
DoS |
2017-11-15 |
2019-01-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports. |
|
1068 |
CVE-2008-7319 |
77 |
|
Exec Code |
2017-11-07 |
2017-11-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used. |
