Total
24574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-5008 | 3 Debian, Redhat, Snoopy | 3 Debian Linux, Openstack, Snoopy | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Snoopy allows remote attackers to execute arbitrary commands. | |||||
CVE-2017-2477 | 1 Apple | 1 Mac Os X | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2016-8705 | 1 Memcached | 1 Memcached | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | |||||
CVE-2017-5202 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). | |||||
CVE-2015-2947 | 1 Grabacr.net | 1 Kancolleviewer | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic. | |||||
CVE-2017-9186 | 1 Autotrace Project | 1 Autotrace | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:326:17. | |||||
CVE-2017-5522 | 2 Debian, Osgeo | 2 Debian Linux, Mapserver | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests. | |||||
CVE-2016-9019 | 1 Exponentcms | 1 Exponent Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. | |||||
CVE-2017-3066 | 1 Adobe | 1 Coldfusion | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2014-3928 | 1 Lg Project | 1 Lg | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials. | |||||
CVE-2016-7978 | 1 Artifex | 1 Ghostscript | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. | |||||
CVE-2016-9020 | 1 Exponentcms | 1 Exponent Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||||
CVE-2016-9087 | 1 Exponentcms | 1 Exponent Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. | |||||
CVE-2016-8233 | 1 Lenovo | 1 Xclarity Administrator | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | |||||
CVE-2017-5543 | 1 Intelliants | 1 Subrion | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. | |||||
CVE-2017-9173 | 1 Autotrace Project | 1 Autotrace | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29. | |||||
CVE-2017-6027 | 1 Codesys | 1 Web Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. | |||||
CVE-2016-7931 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print(). | |||||
CVE-2016-8749 | 1 Apache | 1 Camel | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. | |||||
CVE-2014-7920 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. |