Vulnerabilities (CVE)

Total 24078 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12986 1 Tcpdump 1 Tcpdump 2023-12-10 7.5 HIGH 9.8 CRITICAL
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
CVE-2017-13021 1 Tcpdump 1 Tcpdump 2023-12-10 7.5 HIGH 9.8 CRITICAL
The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().
CVE-2015-7241 1 Sap 1 Netweaver 2023-12-10 7.5 HIGH 9.8 CRITICAL
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
CVE-2017-7406 1 Dlink 1 Dir-615 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic.
CVE-2017-14402 1 Eyesofnetwork 1 Eyesofnetwork 2023-12-10 7.5 HIGH 9.8 CRITICAL
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.
CVE-2017-11381 1 Trendmicro 1 Deep Discovery Director 2023-12-10 7.5 HIGH 9.8 CRITICAL
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.
CVE-2017-17897 1 Dolibarr 1 Dolibarr Erp\/crm 2023-12-10 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2017-1000219 1 Windows-cpu Project 1 Windows-cpu 2023-12-10 7.5 HIGH 9.8 CRITICAL
npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user
CVE-2015-9048 1 Google 1 Android 2023-12-10 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets.
CVE-2017-2864 1 Meetcircle 2 Circle With Disney, Circle With Disney Firmware 2023-12-10 7.5 HIGH 9.8 CRITICAL
An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets to trigger this vulnerability.
CVE-2017-11715 1 Metinfo Project 1 Metinfo 2023-12-10 6.5 MEDIUM 9.8 CRITICAL
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.
CVE-2017-14637 1 Sam2p Project 1 Sam2p 2023-12-10 7.5 HIGH 9.8 CRITICAL
In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address.
CVE-2015-0782 1 Novell 1 Zenworks Configuration Management 2023-12-10 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-10842 1 Basercms 1 Basercms 2023-12-10 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-17033 1 Qnap 1 Qts 2023-12-10 7.5 HIGH 9.8 CRITICAL
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
CVE-2016-7835 2 Dena, H2o Project 2 H2o, H2o 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.
CVE-2017-10329 1 Oracle 1 Global Order Promising 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
Vulnerability in the Oracle Global Order Promising component of Oracle E-Business Suite (subcomponent: Reschedule Sales Orders). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Global Order Promising. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Order Promising accessible data as well as unauthorized access to critical data or complete access to all Oracle Global Order Promising accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2017-11124 1 Xar Project 1 Xar 2023-12-10 7.5 HIGH 9.8 CRITICAL
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c.
CVE-2017-2800 1 Wolfssl 1 Wolfssl 2023-12-10 7.5 HIGH 9.8 CRITICAL
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.
CVE-2017-14403 1 Eyesofnetwork 1 Eyesofnetwork 2023-12-10 7.5 HIGH 9.8 CRITICAL
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.