Total
250630 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6023 | 1 Netcommwireless | 2 Hspa 3g10wve, Hspa 3g10wve Firmware | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands. | |||||
CVE-2017-7985 | 1 Joomla | 1 Joomla\! | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. | |||||
CVE-2017-8855 | 1 Wolfssl | 1 Wolfssl | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. | |||||
CVE-2017-5553 | 1 B2evolution | 1 B2evolution | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL. | |||||
CVE-2016-9536 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow." | |||||
CVE-2004-0012 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none | |||||
CVE-2017-3212 | 1 Sccu | 1 Space Coast Credit Union | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-5227 | 1 Qnap | 1 Qts | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file. | |||||
CVE-2017-0468 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33351708. | |||||
CVE-2015-8913 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | |||||
CVE-2017-5632 | 1 Asus | 2 Rt-n56u, Rt-n56u Firmware | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the Internet, a Denial of Service (DoS). The attack is only possible from within the local area network. | |||||
CVE-2017-6535 | 1 Webpagetest Project | 1 Webpagetest | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2016-3177 | 1 Giflib Project | 1 Giflib | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. | |||||
CVE-2016-9735 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781, | |||||
CVE-2017-9050 | 1 Xmlsoft | 1 Libxml2 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. | |||||
CVE-2016-8352 | 1 Schneider-electric | 6 Connexium Firmware, Tcsefec23f3f20, Tcsefec23f3f21 and 3 more | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code. | |||||
CVE-2017-5581 | 1 Tigervnc | 1 Tigervnc | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries. | |||||
CVE-2008-1450 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none | |||||
CVE-2009-1921 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none | |||||
CVE-2017-8366 | 1 Ettercap Project | 1 Ettercap | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilter. |