Total
19001 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7273 | 1 Dell | 3 Integrated Remote Access Controller 7, Integrated Remote Access Controller 8, Integrated Remote Access Controller Firmware | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. | |||||
| CVE-2015-2885 | 1 Lens Laboratories | 2 Peek-a-view, Peek-a-view Firmware | 2017-04-13 | 10.0 HIGH | 9.8 CRITICAL |
| Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. | |||||
| CVE-2007-6760 | 1 Dataprobe | 2 Ibootbar, Ibootbar Firmware | 2017-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie. | |||||
| CVE-2007-6759 | 1 Dataprobe | 2 Ibootbar, Ibootbar Firmware | 2017-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie. | |||||
| CVE-2015-2887 | 1 Ibaby | 2 M3s Baby Monitor, M3s Baby Monitor Firmware | 2017-04-13 | 10.0 HIGH | 9.8 CRITICAL |
| iBaby M3S has a password of admin for the backdoor admin account. | |||||
| CVE-2015-2881 | 1 Gynoii | 3 Gcw-1010, Gcw-1020, Gpw-1025 | 2017-04-13 | 10.0 HIGH | 9.8 CRITICAL |
| Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. | |||||
| CVE-2017-7581 | 1 News System Project | 1 News System | 2017-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. | |||||
| CVE-2017-6513 | 1 Softaculous | 2 Virtualizor, Whmcs Reseller Module | 2017-04-13 | 6.5 MEDIUM | 9.9 CRITICAL |
| The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL. | |||||
| CVE-2014-3928 | 1 Lg Project | 1 Lg | 2017-04-11 | 5.0 MEDIUM | 9.8 CRITICAL |
| Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials. | |||||
| CVE-2017-5949 | 1 Apple | 1 Safari | 2017-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm. | |||||
| CVE-2014-3927 | 1 Mrlg4php Project | 1 Mrlg4php | 2017-04-10 | 7.5 HIGH | 9.8 CRITICAL |
| mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | |||||
| CVE-2016-10312 | 1 Jensenofscandinavia | 6 Al3g, Al3g Firmware, Al5000ac and 3 more | 2017-04-10 | 10.0 HIGH | 9.8 CRITICAL |
| Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages. | |||||
| CVE-2016-5062 | 1 Aternity | 1 Aternity | 2017-04-10 | 9.3 HIGH | 9.8 CRITICAL |
| The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans. | |||||
| CVE-2017-2477 | 1 Apple | 1 Mac Os X | 2017-04-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2014-9693 | 1 Huawei | 64 Tecal Bh620 V2, Tecal Bh620 V2 Firmware, Tecal Bh621 V2 and 61 more | 2017-04-05 | 7.5 HIGH | 9.8 CRITICAL |
| Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to execute arbitrary code or restart the system via crafted DNS packets. | |||||
| CVE-2016-10309 | 1 Ceragon | 2 Fibeair Ip-10, Fibeair Ip-10 Firmware | 2017-04-05 | 7.5 HIGH | 9.8 CRITICAL |
| In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. | |||||
| CVE-2016-4119 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-04-05 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105. | |||||
| CVE-2016-6111 | 1 Ibm | 1 Curam Social Program Management | 2017-04-04 | 8.5 HIGH | 9.1 CRITICAL |
| IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833. | |||||
| CVE-2014-3931 | 1 Multi-router Looking Glass Project | 1 Multi-router Looking Glass | 2017-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption. | |||||
| CVE-2008-7313 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2017-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. | |||||