Total
250280 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-8033 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM. | |||||
CVE-2014-9118 | 1 Dasanzhone | 2 Znid 2426a, Znid 2426a Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. | |||||
CVE-2017-8813 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8831. Reason: This candidate is a duplicate of CVE-2017-8831. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2017-8831 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2017-12791 | 1 Saltstack | 1 Salt | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | |||||
CVE-2017-17009 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2015-3222 | 1 Ossec | 1 Ossec | 2023-12-10 | 6.9 MEDIUM | 7.0 HIGH |
syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. | |||||
CVE-2017-6695 | 1 Cisco | 1 Ultra Services Platform | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839. | |||||
CVE-2018-0001 | 1 Juniper | 1 Junos | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70. | |||||
CVE-2017-18001 | 1 Trustwave | 1 Secure Web Gateway | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI. | |||||
CVE-2017-13160 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362. | |||||
CVE-2017-10133 | 1 Oracle | 1 Hospitality Hotel Mobile | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RestAPI). The supported version that is affected is 1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality Hotel Mobile accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | |||||
CVE-2016-7059 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none | |||||
CVE-2017-12077 | 1 Synology | 1 Router Manager | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | |||||
CVE-2018-5347 | 1 Seagate | 2 Personal Cloud, Personal Cloud Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled. | |||||
CVE-2017-1222 | 1 Ibm | 1 Bigfix Platform | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862. | |||||
CVE-2017-9918 | 1 Irfanview | 2 Irfanview, Tools | 2023-12-10 | 4.4 MEDIUM | 7.8 HIGH |
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!QueryOptionalDelayLoadedAPI+0x0000000000000c42." | |||||
CVE-2017-17695 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | |||||
CVE-2017-17596 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter. | |||||
CVE-2018-5281 | 1 Sonicwall | 8 Nsa 250m, Nsa 2600, Nsa 2650 and 5 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. | |||||
CVE-2017-8501 | 1 Microsoft | 6 Excel, Excel Viewer, Office and 3 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502. |