Total
19153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11304 | 1 Adobe | 1 Photoshop | 2017-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-11303 | 1 Adobe | 1 Photoshop | 2017-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-10899 | 1 Ark-web | 1 A-reserve | 2017-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-10898 | 1 Ark-web | 1 A-member | 2017-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-11291 | 1 Adobe | 1 Connect | 2017-12-14 | 6.4 MEDIUM | 10.0 CRITICAL |
| An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls. | |||||
| CVE-2017-16613 | 2 Debian, Openstack | 3 Debian Linux, Swauth, Swift | 2017-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team. | |||||
| CVE-2017-8045 | 1 Pivotal Software | 1 Spring Advanced Message Queuing Protocol | 2017-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack. | |||||
| CVE-2017-8359 | 1 Grpc | 1 Grpc | 2017-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. | |||||
| CVE-2017-13071 | 1 Qnap | 2 Qts, Video Station | 2017-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier. | |||||
| CVE-2017-16903 | 1 Lvyecms Project | 1 Lvyecms | 2017-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php. | |||||
| CVE-2017-8862 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2017-12-12 | 10.0 HIGH | 9.8 CRITICAL |
| The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges. | |||||
| CVE-2017-8864 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2017-12-12 | 10.0 HIGH | 9.8 CRITICAL |
| Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" test. | |||||
| CVE-2017-10902 | 1 Princeton | 2 Ptw-wms1, Ptw-wms1 Firmware | 2017-12-12 | 10.0 HIGH | 9.8 CRITICAL |
| PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-10903 | 1 Princeton | 2 Ptw-wms1, Ptw-wms1 Firmware | 2017-12-12 | 10.0 HIGH | 9.8 CRITICAL |
| Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors. | |||||
| CVE-2015-3934 | 1 Fiyo | 1 Fiyo Cms | 2017-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login. | |||||
| CVE-2017-2738 | 1 Huawei | 2 Vcm5010, Vcm5010 Firmware | 2017-12-11 | 7.5 HIGH | 9.8 CRITICAL |
| VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP request. 5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system. | |||||
| CVE-2017-16934 | 1 Dbltek | 1 Web Server | 2017-12-11 | 10.0 HIGH | 9.8 CRITICAL |
| The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter. | |||||
| CVE-2017-7555 | 1 Augeas | 1 Augeas | 2017-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. | |||||
| CVE-2017-13701 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2017-12-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method. | |||||
| CVE-2017-16896 | 1 Tt-rss | 1 Tiny Tiny Rss | 2017-12-05 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. | |||||