Vulnerabilities (CVE)

Total 23448 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9052 1 Libdwarf Project 1 Libdwarf 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list().
CVE-2017-8074 1 Tp-link 2 Tl-sg108e, Tl-sg108e Firmware 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVE-2016-7406 1 Dropbear Ssh Project 1 Dropbear Ssh 2023-12-10 10.0 HIGH 9.8 CRITICAL
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
CVE-2014-8731 1 Phpmemcachedadmin Project 1 Phpmemcachedadmin 2023-12-10 10.0 HIGH 9.8 CRITICAL
PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot.
CVE-2017-8827 1 Genixcms 1 Genixcms 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.
CVE-2017-9171 1 Autotrace Project 1 Autotrace 2023-12-10 7.5 HIGH 9.8 CRITICAL
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24.
CVE-2016-10312 1 Jensenofscandinavia 6 Al3g, Al3g Firmware, Al5000ac and 3 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages.
CVE-2017-6513 1 Softaculous 2 Virtualizor, Whmcs Reseller Module 2023-12-10 6.5 MEDIUM 9.9 CRITICAL
The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.
CVE-2017-5142 1 Honeywell 1 Xl Web Ii Controller 2023-12-10 6.5 MEDIUM 9.1 CRITICAL
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management.
CVE-2017-8917 1 Joomla 1 Joomla\! 2023-12-10 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-10195 2 Debian, Libevent Project 2 Debian Linux, Libevent 2023-12-10 7.5 HIGH 9.8 CRITICAL
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
CVE-2017-7324 1 Modx 1 Modx Revolution 2023-12-10 7.5 HIGH 9.8 CRITICAL
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.
CVE-2016-9132 1 Botan Project 1 Botan 2023-12-10 7.5 HIGH 9.8 CRITICAL
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
CVE-2016-6629 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
CVE-2017-2684 1 Siemens 1 Simatic Logon 2023-12-10 6.8 MEDIUM 9.0 CRITICAL
Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.
CVE-2017-7410 1 Websitebaker 1 Websitebaker 2023-12-10 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
CVE-2015-8771 1 Gosa Project 1 Gosa Plugin 2023-12-10 7.5 HIGH 9.8 CRITICAL
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.
CVE-2017-9165 1 Autotrace Project 1 Autotrace 2023-12-10 7.5 HIGH 9.8 CRITICAL
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11.
CVE-2017-6558 1 Iball 2 Ib-wra150n, Ib-wra150n Firmware 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file.
CVE-2017-6465 1 Ftpshell 1 Ftpshell Client 2023-12-10 7.5 HIGH 9.8 CRITICAL
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.