Total
248618 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11470 | 1 Idera | 1 Uptime Infrastructure Monitor | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. | |||||
CVE-2017-9479 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem. | |||||
CVE-2016-7820 | 1 Iodata | 4 Ts-wrla, Ts-wrla Firmware, Ts-wrlp and 1 more | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. | |||||
CVE-2017-14361 | 1 Microfocus | 1 Project And Portfolio Management | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack. | |||||
CVE-2017-1193 | 1 Ibm | 1 Sterling B2b Integrator | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 5.2 could allow a user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667. | |||||
CVE-2017-17519 | 1 Ocaml Batteries Project | 1 Ocaml Batteries | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | |||||
CVE-2017-12668 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. | |||||
CVE-2018-5287 | 1 Gd Rating System Project | 1 Gd Rating System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. | |||||
CVE-2018-2584 | 1 Oracle | 1 Webcenter Sites | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
CVE-2017-11406 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. | |||||
CVE-2017-15611 | 1 Octopus | 1 Octopus Deploy | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges. | |||||
CVE-2016-5871 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. | |||||
CVE-2017-0734 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38014992. | |||||
CVE-2016-3696 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | |||||
CVE-2017-14653 | 1 Asp4cms | 1 Aspcms | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter. | |||||
CVE-2015-5057 | 1 Broken Link Checker Project | 1 Broken Link Checker | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability exists in the WordPress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. | |||||
CVE-2017-9313 | 1 Webmin | 1 Webmin | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840. | |||||
CVE-2017-2224 | 1 Web-dorado | 1 Event Calendar Wd | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-10048 | 1 Oracle | 1 Enterprise Repository | 2023-12-10 | 5.8 MEDIUM | 8.2 HIGH |
Vulnerability in the Oracle Enterprise Repository component of Oracle Fusion Middleware (subcomponent: Web Interface). Supported versions that are affected are 11.1.1.7.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Repository. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Repository, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Repository accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Repository accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | |||||
CVE-2017-2190 | 1 Sharp | 1 Rw-4040 | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||