Vulnerabilities (CVE)

Total 24078 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-11542 1 Tcpdump 1 Tcpdump 2023-12-10 7.5 HIGH 9.8 CRITICAL
tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
CVE-2017-10366 1 Oracle 1 Peoplesoft Enterprise Peopletools 2023-12-10 7.5 HIGH 9.8 CRITICAL
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2017-17582 1 Grubhub Clone Project 1 Grubhub Clone 2023-12-10 7.5 HIGH 9.8 CRITICAL
FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2016-6655 1 Cloudfoundry 2 Cf-mysql-release, Cf-release 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.
CVE-2017-14492 5 Canonical, Debian, Novell and 2 more 7 Ubuntu Linux, Debian Linux, Leap and 4 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
CVE-2015-5244 1 Mod Nss Project 1 Mod Nss 2023-12-10 7.5 HIGH 9.8 CRITICAL
The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.
CVE-2017-0854 1 Google 1 Android 2023-12-10 8.5 HIGH 9.1 CRITICAL
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837.
CVE-2017-9785 1 Nancyfx 1 Nancy 2023-12-10 7.5 HIGH 9.8 CRITICAL
Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie.
CVE-2017-9224 2 Oniguruma Project, Php 2 Oniguruma, Php 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
CVE-2015-9044 1 Google 1 Android 2023-12-10 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list.
CVE-2017-11743 1 Medhost 1 Connex 2023-12-10 7.5 HIGH 9.8 CRITICAL
MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensitive patient information. The admin account password is hard-coded as $K8t1ng throughout the application, and is the same across all installations. Customers do not have the option to change the Mirth Connect admin account password. The Mirth Connect admin account is created during the Connex install. The plaintext account password is hard-coded multiple times in the Connex install and update scripts.
CVE-2017-11445 1 Intelliants 1 Subrion Cms 2023-12-10 7.5 HIGH 9.8 CRITICAL
Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.
CVE-2016-5405 1 Redhat 4 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 1 more 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.
CVE-2017-12822 1 Sentinel 1 Sentinel Ldk Rte Firmware 2023-12-10 7.5 HIGH 9.9 CRITICAL
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.
CVE-2017-12369 1 Cisco 1 Webex Meetings 2023-12-10 6.8 MEDIUM 9.6 CRITICAL
A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve30208, CSCve30214, CSCve30268.
CVE-2017-7728 1 Ismartalarm 2 Cubeone, Cubeone Firmware 2023-12-10 7.5 HIGH 9.8 CRITICAL
On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography.
CVE-2017-7679 1 Apache 1 Http Server 2023-12-10 7.5 HIGH 9.8 CRITICAL
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
CVE-2017-8124 1 Huawei 1 Uma 2023-12-10 7.5 HIGH 9.8 CRITICAL
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
CVE-2017-17620 1 Lawyer Search Script Project 1 Lawyer Search Script 2023-12-10 7.5 HIGH 9.8 CRITICAL
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
CVE-2012-2778 1 Ffmpeg 1 Ffmpeg 2023-12-10 7.5 HIGH 9.8 CRITICAL
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.