Total: 24574 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-6360 | 1 Qnap | 1 Qts | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. | |||||
CVE-2017-2320 | 1 Juniper | 1 Northstar Controller | 2023-12-10 | 10.0 HIGH | 10.0 CRITICAL |
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. | |||||
CVE-2016-10134 | 1 Zabbix | 1 Zabbix | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. | |||||
CVE-2017-2523 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data. | |||||
CVE-2016-7790 | 1 Exponentcms | 1 Exponent Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload a 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution. | |||||
CVE-2016-6830 | 1 Call-cc | 1 Chicken | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released). | |||||
CVE-2016-10105 | 1 Piwigo | 1 Piwigo | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence. | |||||
CVE-2017-8856 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. | |||||
CVE-2016-6496 | 1 Atlassian | 1 Crowd | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. | |||||
CVE-2017-2989 | 1 Adobe | 1 Campaign | 2023-12-10 | 7.5 HIGH | 9.1 CRITICAL |
Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database. | |||||
CVE-2016-6199 | 1 Gradle | 1 Gradle | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. | |||||
CVE-2017-9160 | 1 Autotrace Project | 1 Autotrace | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscanner_gettoken function in input-pnm.c:458:12. | |||||
CVE-2017-8872 | 1 Xmlsoft | 1 Libxml2 | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. | |||||
CVE-2017-5145 | 1 Carlosgavazzi | 4 Vmu-c Em, Vmu-c Em Firmware, Vmu-c Pv and 1 more | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. | |||||
CVE-2016-4010 | 1 Magento | 1 Magento | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. | |||||
CVE-2017-6409 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access. | |||||
CVE-2016-9303 | 1 Autodesk | 1 Fbx Software Development Kit | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files. | |||||
CVE-2016-5074 | 1 Cloudviewnms | 1 Cloudview Nms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
CloudView NMS before 2.10a has a format string issue exploitable over SNMP. | |||||
CVE-2016-7929 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header(). | |||||
CVE-2017-2519 | 2 Apple, Debian | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement. |