Vulnerabilities (CVE)

Total 24045 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-11366 1 Codiad 1 Codiad 2023-12-10 7.5 HIGH 9.8 CRITICAL
components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.
CVE-2017-12639 1 Ipswitch 1 Imail Server 2023-12-10 7.5 HIGH 9.8 CRITICAL
Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED.
CVE-2017-12679 1 Nexusphp 1 Nexusphp 2023-12-10 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
CVE-2017-12868 2 Php, Simplesamlphp 2 Php, Simplesamlphp 2023-12-10 7.5 HIGH 9.8 CRITICAL
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation.
CVE-2015-9070 1 Google 1 Android 2023-12-10 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.
CVE-2017-17589 1 Thumbtack Clone Project 1 Thumbtack Clone 2023-12-10 7.5 HIGH 9.8 CRITICAL
FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.
CVE-2012-2773 1 Ffmpeg 1 Ffmpeg 2023-12-10 7.5 HIGH 9.8 CRITICAL
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
CVE-2017-15813 1 Google 1 Android 2023-12-10 7.5 HIGH 9.8 CRITICAL
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs.
CVE-2015-8592 1 Google 1 Android 2023-12-10 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.
CVE-2017-15041 3 Debian, Golang, Redhat 7 Debian Linux, Go, Developer Tools and 4 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get."
CVE-2017-10921 1 Xen 1 Xen 2023-12-10 10.0 HIGH 10.0 CRITICAL
The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2.
CVE-2017-17633 1 Multiplex Movie Theater Booking Script Project 1 Multiplex Movie Theater Booking Script 2023-12-10 7.5 HIGH 9.8 CRITICAL
Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.
CVE-2017-11174 1 Xoops 1 Xoops 2023-12-10 7.5 HIGH 9.8 CRITICAL
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.
CVE-2017-15295 1 Sap 1 Point Of Sale Xpress Server 2023-12-10 10.0 HIGH 9.8 CRITICAL
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.
CVE-2017-11444 1 Intelliants 1 Subrion Cms 2023-12-10 7.5 HIGH 9.8 CRITICAL
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
CVE-2017-13007 1 Tcpdump 1 Tcpdump 2023-12-10 7.5 HIGH 9.8 CRITICAL
The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().
CVE-2017-11281 6 Adobe, Apple, Google and 3 more 10 Flash Player, Macos, Chrome Os and 7 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVE-2016-8964 1 Ibm 2 Bigfix Inventory, License Metric Tool 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853.
CVE-2017-16521 1 Inedo 1 Buildmaster 2023-12-10 7.5 HIGH 9.8 CRITICAL
In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.
CVE-2017-17599 1 Advance Online Learning Management Script Project 1 Advance Online Learning Management Script 2023-12-10 7.5 HIGH 9.8 CRITICAL
Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.