Vulnerabilities (CVE)

Total 24045 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12822 1 Sentinel 1 Sentinel Ldk Rte Firmware 2023-12-10 7.5 HIGH 9.9 CRITICAL
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.
CVE-2017-12369 1 Cisco 1 Webex Meetings 2023-12-10 6.8 MEDIUM 9.6 CRITICAL
A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve30208, CSCve30214, CSCve30268.
CVE-2017-7728 1 Ismartalarm 2 Cubeone, Cubeone Firmware 2023-12-10 7.5 HIGH 9.8 CRITICAL
On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography.
CVE-2017-7679 1 Apache 1 Http Server 2023-12-10 7.5 HIGH 9.8 CRITICAL
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
CVE-2017-8124 1 Huawei 1 Uma 2023-12-10 7.5 HIGH 9.8 CRITICAL
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
CVE-2017-17620 1 Lawyer Search Script Project 1 Lawyer Search Script 2023-12-10 7.5 HIGH 9.8 CRITICAL
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
CVE-2012-2778 1 Ffmpeg 1 Ffmpeg 2023-12-10 7.5 HIGH 9.8 CRITICAL
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.
CVE-2017-6211 1 Google 1 Android 2023-12-10 10.0 HIGH 9.8 CRITICAL
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur.
CVE-2017-2805 1 Foscam 2 C1 Hd Indoor Camera, C1 Hd Indoor Camera Firmware 2023-12-10 7.5 HIGH 9.8 CRITICAL
An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer overflow resulting in overwriting arbitrary data on the stack frame. An attacker can simply send an http request to the device to trigger this vulnerability.
CVE-2017-17606 1 Co-work Space Search Script Project 1 Co-work Space Search Script 2023-12-10 7.5 HIGH 9.8 CRITICAL
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-1000047 1 Rbenv Project 1 Rbenv 2023-12-10 7.5 HIGH 9.8 CRITICAL
rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution
CVE-2015-9064 1 Google 1 Android 2023-12-10 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated.
CVE-2016-0872 1 Kabona 1 Webdatorcentral 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext.
CVE-2014-3527 1 Vmware 1 Spring Security 2023-12-10 7.5 HIGH 9.8 CRITICAL
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.
CVE-2018-5723 1 Barni 2 Master Ip Camera01, Master Ip Camera01 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
MASTER IPCAMERA01 devices have a hardcoded password of cat1029 for the root account.
CVE-2017-10087 4 Debian, Netapp, Oracle and 1 more 26 Debian Linux, Active Iq Unified Manager, Cloud Backup and 23 more 2023-12-10 6.8 MEDIUM 9.6 CRITICAL
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
CVE-2017-15032 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2023-12-10 7.5 HIGH 9.8 CRITICAL
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVE-2016-6793 1 Apache 1 Wicket 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object.
CVE-2017-13204 1 Google 1 Android 2023-12-10 8.5 HIGH 9.1 CRITICAL
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.
CVE-2015-4629 1 Huawei 2 E5756s, E5756s Firmware 2023-12-10 7.5 HIGH 9.8 CRITICAL
Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions.