CVEs from 2017
- Total: 11,681
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7474 | critical | 9.8 | 9.8 | 9y ago | keycloak-connect and keycloak-js improperly handle invalid tokens | |||
| CVE-2017-8911 | critical | 9.8 | 9.8 | 9y ago | An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker. | |||
| CVE-2017-8898 | critical | 9.8 | 9.8 | 9y ago | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack use… | |||
| CVE-2017-5461 | critical | 9.8 | 9.8 | 9y ago | Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of… | |||
| CVE-2017-7888 | critical | 9.8 | 9.8 | 9y ago | Dolibarr ERP and CRM Insecure Encryption | |||
| CVE-2017-7886 | critical | 9.8 | 9.8 | 9y ago | Dolibarr SQL Injection in doli/theme/eldy/style.css.php via the lang parameter | |||
| CVE-2017-8859 | critical | 9.8 | 9.8 | 9y ago | In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root. | |||
| CVE-2017-8858 | critical | 9.8 | 9.8 | 9y ago | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. | |||
| CVE-2017-8857 | critical | 9.8 | 9.8 | 9y ago | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. | |||
| CVE-2017-8856 | critical | 9.8 | 9.8 | 9y ago | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. | |||
| CVE-2017-3068 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execut… | |||
| CVE-2017-4982 | critical | 9.8 | 9.8 | 9y ago | EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise t… | |||
| CVE-2017-7925 | critical | 9.8 | 9.8 | 9y ago | A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX,… | |||
| CVE-2017-7909 | critical | 9.8 | 9.8 | 9y ago | A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and red… | |||
| CVE-2017-8799 | critical | 9.8 | 9.8 | 9y ago | Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To … | |||
| CVE-2017-8796 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. | |||
| CVE-2017-8790 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection. | |||
| CVE-2017-8789 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. | |||
| CVE-2017-8303 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter. | |||
| CVE-2017-8786 | critical | 9.8 | 9.8 | 9y ago | pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. | |||
| CVE-2017-8768 | critical | 9.8 | 9.8 | 9y ago | Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree… | |||
| CVE-2017-8775 | critical | 9.8 | 9.8 | 9y ago | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. | |||
| CVE-2017-8774 | critical | 9.8 | 9.8 | 9y ago | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. | |||
| CVE-2017-8773 | critical | 9.8 | 9.8 | 9y ago | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validatio… | |||
| CVE-2017-7432 | critical | 9.8 | 9.8 | 9y ago | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. | |||
| CVE-2017-7476 | critical | 9.8 | 9.8 | 9y ago | Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. | |||
| CVE-2017-6551 | critical | 9.8 | 9.8 | 9y ago | Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes. | |||
| CVE-2017-8399 | critical | 9.8 | 9.8 | 9y ago | PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures." | |||
| CVE-2017-8378 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspe… | |||
| CVE-2017-8366 | critical | 9.8 | 9.8 | 9y ago | The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other imp… | |||
| CVE-2017-8359 | critical | 9.8 | 9.8 | 9y ago | Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. | |||
| CVE-2017-8358 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. | |||
| CVE-2017-7981 | high | 8.8 | 9.8 | 9y ago | Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before … | |||
| CVE-2017-7945 | critical | 9.8 | 9.8 | 9y ago | The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempt… | |||
| CVE-2017-2142 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-7895 | critical | 9.8 | 9.8 | 9y ago | The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possi… | |||
| CVE-2017-8305 | critical | 9.8 | 9.8 | 9y ago | The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer overflow. UDFclient's strlcpy is used only on systems with a C library (e.g., glibc) that lacks its own strlcpy. | |||
| CVE-2017-8307 | critical | 9.8 | 9.8 | 9y ago | In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulner… | |||
| CVE-2017-8297 | critical | 9.8 | 9.8 | 9y ago | A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). | |||
| CVE-2017-8289 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attac… | |||
| CVE-2017-8287 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. | |||
| CVE-2017-8283 | critical | 9.8 | 9.8 | 9y ago | dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct dire… | |||
| CVE-2017-8218 | critical | 9.8 | 9.8 | 9y ago | vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password,… | |||
| CVE-2017-1274 | high | 8.8 | 9.8 | 9y ago | IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Fo… | |||
| CVE-2017-7221 | high | 8.8 | 9.8 | 9y ago | OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by levera… | |||
| CVE-2017-3576 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… | |||
| CVE-2017-3563 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… | |||
| CVE-2017-3561 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… | |||
| CVE-2017-3234 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-8105 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. | |||
| CVE-2017-7852 | high | 8.8 | 9.8 | 9y ago | D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the … | |||
| CVE-2017-8076 | critical | 9.8 | 9.8 | 9y ago | On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||
| CVE-2017-8075 | critical | 9.8 | 9.8 | 9y ago | On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||
| CVE-2017-8074 | critical | 9.8 | 9.8 | 9y ago | On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmw… | |||
| CVE-2017-7991 | critical | 9.8 | 9.8 | 9y ago | Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | |||
| CVE-2017-5158 | critical | 9.8 | 9.8 | 9y ago | An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parame… | |||
| CVE-2017-7692 | high | 8.8 | 9.8 | 9y ago | SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit … | |||
| CVE-2017-5645 | critical | 9.8 | 9.8 | 9y ago | Deserialization of Untrusted Data in Log4j | |||
| CVE-2017-5651 | critical | 9.8 | 9.8 | 9y ago | Expected Behavior Violation in Apache Tomcat | |||
| CVE-2017-7615 | high | 8.8 | 9.8 | 9y ago | MantisBT allows arbitrary password reset | |||
| CVE-2017-7882 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. | |||
| CVE-2017-7878 | critical | 9.8 | 9.8 | 9y ago | SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | |||
| CVE-2017-7875 | critical | 9.8 | 9.8 | 9y ago | In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer o… | |||
| CVE-2017-7870 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. | |||
| CVE-2017-7866 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. | |||
| CVE-2017-7865 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align… | |||
| CVE-2017-7864 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. | |||
| CVE-2017-7863 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. | |||
| CVE-2017-7862 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. | |||
| CVE-2017-7861 | critical | 9.8 | 9.8 | 9y ago | Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. | |||
| CVE-2017-7860 | critical | 9.8 | 9.8 | 9y ago | Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c. | |||
| CVE-2017-7859 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. | |||
| CVE-2017-7858 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. | |||
| CVE-2017-7857 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfob… | |||
| CVE-2017-7856 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. | |||
| CVE-2017-7628 | critical | 9.8 | 9.8 | 9y ago | The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). | |||
| CVE-2017-7280 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code… | |||
| CVE-2017-7279 | critical | 9.8 | 9.8 | 9y ago | An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. | |||
| CVE-2017-7719 | critical | 9.8 | 9.8 | 9y ago | SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_function… | |||
| CVE-2017-3063 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code executio… | |||
| CVE-2017-3062 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbi… | |||
| CVE-2017-3060 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-3059 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-3037 | critical | 9.8 | 9.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploita… | |||
| CVE-2017-3006 | high | 8.8 | 9.8 | 9y ago | Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications. | |||
| CVE-2017-7695 | critical | 9.8 | 9.8 | 9y ago | Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. | |||
| CVE-2017-7691 | critical | 9.8 | 9.8 | 9y ago | A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592. | |||
| CVE-2017-7689 | critical | 9.8 | 9.8 | 9y ago | A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. | |||
| CVE-2017-7625 | critical | 9.8 | 9.8 | 9y ago | In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | |||
| CVE-2017-7239 | critical | 9.8 | 9.8 | 9y ago | Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. | |||
| CVE-2017-5983 | critical | 9.8 | 9.8 | 9y ago | The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, … | |||
| CVE-2017-7614 | critical | 9.8 | 9.8 | 9y ago | elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote a… | |||
| CVE-2017-7577 | critical | 9.8 | 9.8 | 9y ago | XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request. | |||
| CVE-2017-7576 | critical | 9.8 | 9.8 | 9y ago | DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credent… | |||
| CVE-2017-7575 | critical | 9.8 | 9.8 | 9y ago | Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus p… | |||
| CVE-2017-7574 | critical | 9.8 | 9.8 | 9y ago | Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized… | |||
| CVE-2017-3834 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete contr… | |||
| CVE-2017-0305 | critical | 9.8 | 9.8 | 9y ago | F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, an… | |||
| CVE-2017-7450 | critical | 9.8 | 9.8 | 9y ago | AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot,… | |||
| CVE-2017-7447 | high | 8.8 | 9.8 | 9y ago | HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code. |