| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature. |
| A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert. |
| browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. |
| Unspecified vulnerabilities in Google Chrome before 54.0.2840.59. |
| Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot. |
| Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3.0. |
| A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. |
| A password generation weakness exists in xquest through 2016-06-13. |
| Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). |
| WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS |
| A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. |
| In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials. |
| In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation. |
| In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings. |
| Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. |
| In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. |
| In zulip before 1.3.12, deactivated users could access messages if SSO was enabled. |
| In zulip before 1.3.12, bot API keys were accessible to other users in the same realm. |
| A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44. |
| A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26 |
