CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2016-4818 DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. | N/A | NONE | — | 0 |
| CVE-2016-4842 Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. | N/A | NONE | — | 0 |
| CVE-2016-4843 Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. | N/A | NONE | — | 0 |
| CVE-2016-4844 Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. | N/A | NONE | — | 0 |
| CVE-2016-4850 LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2016-7527 coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-4862 Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | N/A | NONE | — | 0 |
| CVE-2016-5010 coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. | N/A | NONE | — | 0 |
| CVE-2016-7513 Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7514 The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7516 The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7517 The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7518 The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7520 Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7521 Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7525 Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7526 coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7530 The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7532 coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7534 The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7535 coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file. | 6.5 | MEDIUM | — | 0 |
| CVE-2017-2806 An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to an arbitrary read resulting in memory di... | N/A | NONE | — | 0 |
| CVE-2016-7538 coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7540 coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. | N/A | NONE | — | 0 |
| CVE-2016-8721 An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can... | 9.1 | CRITICAL | — | 0 |
| CVE-2017-2784 An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certi... | N/A | NONE | — | 0 |
| CVE-2016-8923 IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that the... | N/A | NONE | — | 0 |
| CVE-2017-5183 NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. | N/A | NONE | — | 0 |
| CVE-2017-5156 A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will ... | 8.8 | HIGH | — | 0 |
| CVE-2017-5158 An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL paramet... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-5160 An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security withou... | 5.3 | MEDIUM | — | 0 |
| CVE-2015-8285 The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service. | N/A | NONE | — | 0 |
| CVE-2016-1161 Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). | N/A | NONE | — | 0 |
| CVE-2016-9978 IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. | N/A | NONE | — | 0 |
| CVE-2016-3729 The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the adminis... | N/A | NONE | — | 0 |
| CVE-2016-3731 Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions. | N/A | NONE | — | 0 |
| CVE-2016-3732 The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of ... | N/A | NONE | — | 0 |
| CVE-2016-3733 The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. | N/A | NONE | — | 0 |
| CVE-2016-3734 Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack th... | N/A | NONE | — | 0 |
| CVE-2016-5401 Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page... | N/A | NONE | — | 0 |
| CVE-2017-1122 IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174... | N/A | NONE | — | 0 |
| CVE-2016-6368 A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a den... | N/A | NONE | — | 0 |
| CVE-2017-3793 A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthe... | N/A | NONE | — | 0 |
| CVE-2017-3808 A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a de... | N/A | NONE | — | 0 |
| CVE-2017-3860 Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overfl... | N/A | NONE | — | 0 |
| CVE-2017-3861 Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overfl... | N/A | NONE | — | 0 |
| CVE-2017-3862 Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overfl... | N/A | NONE | — | 0 |
| CVE-2017-3863 Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overfl... | N/A | NONE | — | 0 |
| CVE-2017-4969 The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks. | N/A | NONE | — | 0 |
| CVE-2017-6611 A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the we... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.