Total: 24574 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7264 | 1 Proxygen Project | 1 Proxygen | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. | |||||
CVE-2017-6403 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password. | |||||
CVE-2017-8857 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. | |||||
CVE-2017-2641 | 1 Moodle | 1 Moodle | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | |||||
CVE-2017-7474 | 1 Keycloak | 1 Keycloak-nodejs-auth-utils | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks. | |||||
CVE-2015-8954 | 1 Openinfosecfoundation | 1 Suricata | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request. | |||||
CVE-2017-5929 | 2 Qos, Redhat | 3 Logback, Satellite, Satellite Capsule | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. | |||||
CVE-2017-7450 | 1 Airtame | 2 Hdmi Dongle, Hdmi Dongle Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time. | |||||
CVE-2017-8399 | 1 Pcre | 1 Pcre2 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures." | |||||
CVE-2016-6602 | 1 Zohocorp | 1 Webnms Framework | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit. | |||||
CVE-2016-9836 | 1 Joomla | 1 Joomla! | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types. | |||||
CVE-2015-7273 | 1 Dell | 3 Integrated Remote Access Controller 7, Integrated Remote Access Controller 8, Integrated Remote Access Controller Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. | |||||
CVE-2016-10177 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234. | |||||
CVE-2016-7951 | 2 Fedoraproject, X | 2 Fedora, Libxtst | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. | |||||
CVE-2016-10182 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters. | |||||
CVE-2016-10188 | 1 Bitlbee | 1 Bitlbee | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire. | |||||
CVE-2017-3063 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2016-6725 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#1050970. | |||||
CVE-2014-3582 | 1 Apache | 1 Ambari | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | |||||
CVE-2017-1092 | 1 Ibm | 1 Informix Open Admin Tool | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390. |