| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2017-14727 |
|
|
2017-09-23 |
N/A |
| logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. |
| CVE-2017-14726 |
|
|
2017-09-23 |
N/A |
| Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. |
| CVE-2017-14725 |
|
|
2017-09-23 |
N/A |
| Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. |
| CVE-2017-14724 |
|
|
2017-09-23 |
N/A |
| Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. |
| CVE-2017-14723 |
|
|
2017-09-23 |
N/A |
| Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. |
| CVE-2017-14722 |
|
|
2017-09-23 |
N/A |
| Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. |
| CVE-2017-14721 |
|
|
2017-09-23 |
N/A |
| Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. |
| CVE-2017-14720 |
|
|
2017-09-23 |
N/A |
| Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. |
| CVE-2017-14719 |
|
|
2017-09-23 |
N/A |
| Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. |
| CVE-2017-14718 |
|
|
2017-09-23 |
N/A |
| Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. |
| CVE-2017-14627 |
|
|
2017-09-23 |
N/A |
| Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default... |
| CVE-2017-1000250 |
1 Bluez |
1 Bluez |
2017-09-23 |
3.3 |
| All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the... |
| CVE-2017-1490 |
1 Ibm |
1 Jazz Reporting Service |
2017-09-23 |
3.5 |
| An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. |
| CVE-2014-6191 |
1 Ibm |
1 Curam Social Program Management |
2017-09-23 |
3.5 |
| Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568. |
| CVE-2015-8224 |
1 Huawei |
1 P8 Firmware |
2017-09-23 |
4.3 |
| Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. |
| CVE-2015-3432 |
1 Pydio |
1 Pydio |
2017-09-23 |
4.3 |
| Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities." |
| CVE-2017-9725 |
|
|
2017-09-23 |
N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail. |
| CVE-2017-9724 |
|
|
2017-09-23 |
N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address. |
| CVE-2017-9720 |
|
|
2017-09-23 |
N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur. |
| CVE-2017-9677 |
|
|
2017-09-23 |
N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one... |
