Total
24574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-10269 | 1 Oracle | 1 Tuxedo | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L). | |||||
CVE-2017-9191 | 1 Autotrace Project | 1 Autotrace | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the rle_fread function in input-tga.c:252:15. | |||||
CVE-2017-15607 | 1 Inedo | 1 Otter | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. | |||||
CVE-2017-17951 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | |||||
CVE-2017-1000197 | 1 Octobercms | 1 October | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server. | |||||
CVE-2017-1000173 | 1 Creolabs | 1 Gravity | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a Heap-Buffer-Overflow. | |||||
CVE-2017-2780 | 1 Matrixssl | 1 Matrixssl | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection. | |||||
CVE-2017-10089 | 4 Debian, Netapp, Oracle and 1 more | 26 Debian Linux, Active Iq Unified Manager, Cloud Backup and 23 more | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
CVE-2017-11383 | 1 Trendmicro | 1 Control Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560. | |||||
CVE-2017-6034 | 1 Schneider-electric | 2 Modbus, Modbus Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. | |||||
CVE-2017-16920 | 1 Finecms | 1 Finecms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php. | |||||
CVE-2017-6714 | 1 Cisco | 1 Ultra Services Framework Staging Server | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673. | |||||
CVE-2017-12787 | 1 Noviflow | 1 Noviware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow. | |||||
CVE-2017-17574 | 1 Care Clone Project | 1 Care Clone | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter. | |||||
CVE-2014-4914 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | |||||
CVE-2008-7315 | 1 Cpan | 1 Ui\ | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. | |||||
CVE-2017-14907 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key. | |||||
CVE-2017-1000206 | 1 Htslib | 1 Htslib | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution | |||||
CVE-2017-13054 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). | |||||
CVE-2016-4473 | 2 Php, Suse | 3 Php, Linux Enterprise Module For Web Scripting, Linux Enterprise Software Development Kit | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. |