Total
24574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17571 | 1 Foodpanda Clone Project | 1 Foodpanda Clone | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter. | |||||
| CVE-2017-15974 | 1 Datacomponents | 1 Tpanel | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. | |||||
| CVE-2017-9228 | 2 Oniguruma Project, Php | 2 Oniguruma, Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. | |||||
| CVE-2017-14138 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. | |||||
| CVE-2017-3124 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-17878 | 1 Valvesoftware | 2 Steam Link, Steam Link Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" setting). | |||||
| CVE-2017-8390 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name. | |||||
| CVE-2017-15946 | 1 Selfget | 1 Tag Meta | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET. | |||||
| CVE-2017-8046 | 2 Pivotal Software, Vmware | 2 Spring Data Rest, Spring Boot | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. | |||||
| CVE-2014-9474 | 1 Mpfr | 1 Gnu Mpfr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str. | |||||
| CVE-2014-9976 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. | |||||
| CVE-2014-0121 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. | |||||
| CVE-2015-8009 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials. | |||||
| CVE-2017-11693 | 1 Medhost | 1 Medhost Document Management System | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. PostgreSQL is used as the Document Management System database. The account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for PostgreSQL has access to the database schema for Document Management System. | |||||
| CVE-2017-7278 | 1 Aptus | 2 Styra Porttelefonkort 4400, Styra Porttelefonkort 4400 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors. | |||||
| CVE-2017-17578 | 1 Crowdfunding Script Project | 1 Crowdfunding Script | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. | |||||
| CVE-2014-9969 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. | |||||
| CVE-2017-13037 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). | |||||
| CVE-2017-12873 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. | |||||
| CVE-2016-7836 | 1 Skygroup | 1 Skysea Client View | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program. | |||||