Total
247134 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-16383 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file embedded within an XPS document. | |||||
CVE-2017-10933 | 1 Zte | 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. | |||||
CVE-2018-0008 | 1 Juniper | 40 Ex2200, Ex2300, Ex3300 and 37 more | 2023-12-10 | 7.2 HIGH | 6.2 MEDIUM |
An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot which can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a "safe mode" authentication state. Lastly, only logging in physically to the console port as root, with no password, will work. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX; 12.3X48 versions prior to 12.3X48-D55 on SRX; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D40 on QFX, EX; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6; 15.1X49 versions prior to 15.1X49-D110 on SRX; 15.1X53 versions prior to 15.1X53-D232 on QFX5200/5110; 15.1X53 versions prior to 15.1X53-D49, 15.1X53-D470 on NFX; 15.1X53 versions prior to 15.1X53-D65 on QFX10K; 16.1 versions prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue. | |||||
CVE-2016-9714 | 1 Ibm | 1 Infosphere Master Data Management Server | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727. | |||||
CVE-2017-14023 | 1 Siemens | 2 Simatic Pcs7, Simatic Wincc | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. | |||||
CVE-2017-11760 | 1 Projeqtor | 1 Projeqtor | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area. | |||||
CVE-2017-10851 | 2 Fujixerox, Microsoft | 2 Contentsbridge Utility, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-10399 | 1 Oracle | 1 Hospitality Cruise Fleet Management | 2023-12-10 | 3.5 LOW | 3.1 LOW |
Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: GangwayActivityWebApp). The supported version that is affected is 9.0.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Cruise Fleet Management. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2017-13201 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768. | |||||
CVE-2017-14832 | 1 Foxitsoftware | 1 Foxit Reader | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Caret Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5024. | |||||
CVE-2015-7853 | 2 Netapp, Ntp | 6 Clustered Data Ontap, Data Ontap, Oncommand Balance and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. | |||||
CVE-2017-15667 | 1 Flexense | 1 Sysgauge | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221. | |||||
CVE-2015-8707 | 1 Magento | 1 Magento | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field. | |||||
CVE-2017-12979 | 1 Dokuwiki | 1 Dokuwiki | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. | |||||
CVE-2017-11344 | 1 Asuswrt-merlin Project | 56 Rt-ac1200, Rt-ac1200 Firmware, Rt-ac3100 and 53 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. | |||||
CVE-2017-17103 | 1 Fiyo | 1 Fiyo Cms | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges. | |||||
CVE-2017-2014 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2017-7021 | 1 Apple | 1 Mac Os X | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
CVE-2015-8621 | 1 Tcoffee | 1 T-coffee | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally. | |||||
CVE-2017-1000473 | 1 Linux-dash Project | 1 Linux-dash | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root. |