Total: 19153 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2017-1000248 | 1 Redis-store | 1 Redis-store | 2017-12-04 | 7.5 HIGH | 9.8 CRITICAL | Redis-store <= v1.3.0 allows unsafe objects to be loaded from Redis.
CVE-2017-1000169 | 1 Quickerbb Project | 1 Quickerbb | 2017-12-02 | 10.0 HIGH | 9.8 CRITICAL | QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes, which can lead to remote code execution and complete takeover of the server hosting QuickerBB.
CVE-2017-14024 | 1 Schneider-electric | 2 Wonderware Indusoft Web Studio, Wonderware Intouch | 2017-12-01 | 10.0 HIGH | 9.8 CRITICAL | A stack-based buffer overflow was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and in InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The overflow may allow remote code execution with high privileges.
CVE-2017-1000206 | 1 Htslib | 1 Htslib | 2017-12-01 | 7.5 HIGH | 9.8 CRITICAL | The samtools htslib library, version 1.4.0 and earlier, is vulnerable to a buffer overflow in the CRAM rANS codec, resulting in potential arbitrary code execution.
CVE-2017-1000228 | 1 Ejs | 1 Ejs | 2017-11-30 | 10.0 HIGH | 9.8 CRITICAL | Node.js ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile() function.
CVE-2017-1000218 | 1 Lightftp Project | 1 Lightftp | 2017-11-30 | 7.5 HIGH | 9.8 CRITICAL | LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function, resulting in denial of service or remote code execution.
CVE-2017-1000172 | 1 Creolabs | 1 Gravity | 2017-11-30 | 7.5 HIGH | 9.8 CRITICAL | Creolabs Gravity version 1.0 contains a heap use-after-free that may allow code execution: after the 'sublexer' pointer has been freed, line 542 of gravity_lexer.c uses 'lexer' to access a variable although 'lexer' has already been freed.
CVE-2017-1000210 | 1 Altran | 1 Picotcp | 2017-11-29 | 7.5 HIGH | 9.8 CRITICAL | picoTCP (versions 1.5.0 through 1.7.0) is vulnerable to a stack buffer overflow resulting in code execution or denial of service.
CVE-2017-1000237 | 1 I-librarian | 1 I Librarian | 2017-11-29 | 7.5 HIGH | 9.8 CRITICAL | I, Librarian versions <= 4.6 and 4.7 are vulnerable to Server-Side Request Forgery in ajaxsupplement.php, allowing an attacker to reset any user's password.
CVE-2017-1000235 | 1 I-librarian | 1 I Librarian | 2017-11-29 | 10.0 HIGH | 9.8 CRITICAL | I, Librarian versions <= 4.6 and 4.7 are vulnerable to OS command injection in batchimport.php, resulting in full compromise of the web server.
CVE-2017-16561 | 1 Ingenious School Management System Project | 1 Ingenious School Management System | 2017-11-29 | 7.5 HIGH | 9.8 CRITICAL | /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to boolean-based and time-based SQL injection via the 'friend_index' parameter of a GET request.
CVE-2017-10871 | 1 Nttdocomo | 2 Wi-fi Station L-02f, Wi-fi Station L-02f Firmware | 2017-11-29 | 10.0 HIGH | 9.8 CRITICAL | Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F, software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier, allows an attacker to execute arbitrary code via unspecified vectors.
CVE-2016-0872 | 1 Kabona | 1 Webdatorcentral | 2017-11-29 | 5.0 MEDIUM | 9.8 CRITICAL | A plaintext storage of a password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to 3.4.0: WDC stores password credentials in plaintext.
CVE-2008-7319 | 1 Net-ping-external Project | 1 Net-ping-external | 2017-11-29 | 10.0 HIGH | 9.8 CRITICAL | The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before using them in backticks in External.pm, allowing shell command injection and arbitrary command execution if untrusted input is used.
CVE-2015-3933 | 1 Metalgenix | 1 Genixcms | 2017-11-28 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.
CVE-2017-16634 | 1 Joomla | 1 Joomla! | 2017-11-28 | 7.5 HIGH | 9.8 CRITICAL | In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's two-factor authentication method.
CVE-2017-8809 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2017-11-28 | 7.5 HIGH | 9.8 CRITICAL | api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
CVE-2017-13846 | 1 Apple | 1 Mac Os X | 2017-11-28 | 10.0 HIGH | 9.8 CRITICAL | An issue was discovered in certain Apple products; macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product: versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2017-13832 | 1 Apple | 1 Mac Os X | 2017-11-28 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in certain Apple products; macOS before 10.13.1 is affected. The issue involves the "802.1X" component and allows attackers to have an unspecified impact by leveraging TLS 1.0 support.
CVE-2017-16848 | 1 Zohocorp | 1 Manageengine Applications Manager | 2017-11-27 | 7.5 HIGH | 9.8 CRITICAL | Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.
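The Redis-store entry (CVE-2017-1000248) describes the general problem of handing bytes read from a cache to a native deserializer: in Ruby, `Marshal.load` instantiates whatever class the stream names and runs that class's `marshal_load` hook, so anyone who can write the key controls code execution in the reader. The example below is added here and is not redis-store's code; `FAKE_REDIS`, `Gadget`, `SIDE_EFFECTS` and the `*_read` helpers are hypothetical stand-ins (an in-memory hash replaces Redis, and the gadget only appends to an array instead of doing real damage). It contrasts the unsafe pattern with a reader that accepts only a JSON object.

```ruby
require "json"

# Constructed stand-in for the Redis key space: cache key => raw bytes.
FAKE_REDIS = {}

# Records what the gadget did during deserialization (demo-only side channel).
SIDE_EFFECTS = []

# Hypothetical class standing in for any class reachable through Marshal.
# Marshal.load calls marshal_load automatically, so deserialization == code execution.
class Gadget
  attr_reader :cmd

  def initialize(cmd)
    @cmd = cmd
  end

  def marshal_dump
    @cmd
  end

  def marshal_load(cmd)
    @cmd = cmd
    SIDE_EFFECTS << "ran: #{cmd}" # a real gadget would do something far worse here
  end
end

# Vulnerable pattern: whatever bytes sit under the key are fed to Marshal.load.
def unsafe_read(key)
  raw = FAKE_REDIS[key]
  raw && Marshal.load(raw)
end

# Hardened pattern: the cache holds data, not objects. Only a JSON object with
# string keys is accepted; anything else (including Marshal bytes) is rejected.
def safe_read(key)
  raw = FAKE_REDIS[key]
  return nil if raw.nil?
  data = JSON.parse(raw) # raises JSON::ParserError on Marshal bytes
  raise "unexpected cache payload" unless data.is_a?(Hash) && data.keys.all? { |k| k.is_a?(String) }
  data
end

# Runs both readers against a legitimate entry and an attacker-written one.
def demo
  SIDE_EFFECTS.clear
  FAKE_REDIS["user:7"] = JSON.generate("name" => "alice")        # written by the app
  FAKE_REDIS["user:8"] = Marshal.dump(Gadget.new("whoami"))      # written by an attacker

  unsafe_read("user:8") # the gadget's marshal_load runs here

  rejected = begin
    safe_read("user:8")
    false
  rescue JSON::ParserError
    true
  end

  { unsafe_effects: SIDE_EFFECTS.dup, safe_rejected: rejected, safe_user: safe_read("user:7") }
end

if __FILE__ == $PROGRAM_NAME
  p demo
end
```

The hardened reader does not try to make `Marshal.load` safe (Ruby offers no allowlist for it); it changes the contract so the cache never carries executable object graphs.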
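The Net::Ping::External entry (CVE-2008-7319) names the classic root cause of the command-injection rows on this page: a hostname interpolated into a backtick command line, where shell metacharacters become commands. The following Ruby example is added here and is not the Perl module's code; `ping_vulnerable`, `ping_hardened` and `HOSTNAME_RE` are hypothetical names, and `echo` stands in for the ping binary so the block runs anywhere. It shows the injection, then the two-layer fix: validate the hostname against a strict grammar and pass the argument vector without a shell.

```ruby
require "open3"

# Strict hostname grammar: labels of letters, digits, dots and hyphens,
# no whitespace or shell metacharacters at all.
HOSTNAME_RE = /\A[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?\z/

# Vulnerable pattern: the host is interpolated into a command line that
# /bin/sh parses, so "; other-command" in the host runs other-command.
def ping_vulnerable(host)
  `echo pinging #{host}`
end

# Argv form alone: no shell is involved, so metacharacters are inert and the
# whole string reaches the program as a single argument.
def ping_argv_only(host)
  out, status = Open3.capture2("echo", "pinging", host)
  raise "command failed" unless status.success?
  out
end

# Hardened pattern: reject anything that is not a plausible hostname, then use
# the argv form. The validation is defence in depth; the argv form is the fix.
def ping_hardened(host)
  raise ArgumentError, "invalid hostname: #{host.inspect}" unless host.match?(HOSTNAME_RE)
  ping_argv_only(host)
end

# Constructed attacker input: a valid address followed by an injected command.
INJECTED_HOST = "127.0.0.1; echo INJECTED".freeze

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{ping_vulnerable(INJECTED_HOST).inspect}"
  puts "argv only:  #{ping_argv_only(INJECTED_HOST).inspect}"
  begin
    ping_hardened(INJECTED_HOST)
  rescue ArgumentError => e
    puts "hardened:   rejected (#{e.message})"
  end
end
```

Validating alone is fragile (one forgotten metacharacter and the shell is back), which is why the argument-vector form carries the security guarantee here; the regex only narrows the input the external program ever sees.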