CVEs from 2017
Total
11,681
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12858 | critical | 9.8 | 9.8 | 9y ago | Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors. | |||
| CVE-2017-12791 | critical | 9.8 | 9.8 | 9y ago | Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master … | |||
| CVE-2017-11610 | high | 8.8 | 9.8 | 9y ago | The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC req… | |||
| CVE-2017-13139 | critical | 9.8 | 9.8 | 9y ago | In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. | |||
| CVE-2017-7420 | critical | 9.8 | 9.8 | 9y ago | An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Ho… | |||
| CVE-2017-12981 | critical | 9.8 | 9.8 | 9y ago | NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. | |||
| CVE-2017-11366 | critical | 9.8 | 9.8 | 9y ago | Codiad Vulnerable to Shell Command Injection | |||
| CVE-2017-7364 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (whi… | |||
| CVE-2017-12776 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. | |||
| CVE-2017-12582 | critical | 9.8 | 9.8 | 9y ago | Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that u… | |||
| CVE-2017-7278 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors. | |||
| CVE-2017-12942 | critical | 9.8 | 9.8 | 9y ago | libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. | |||
| CVE-2017-12941 | critical | 9.8 | 9.8 | 9y ago | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. | |||
| CVE-2017-12940 | critical | 9.8 | 9.8 | 9y ago | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. | |||
| CVE-2017-12939 | critical | 9.8 | 9.8 | 9y ago | A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before… | |||
| CVE-2017-12933 | critical | 9.8 | 9.8 | 9y ago | The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data… | |||
| CVE-2017-12932 | critical | 9.8 | 9.8 | 9y ago | ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for … | |||
| CVE-2017-12910 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter. | |||
| CVE-2017-12909 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||
| CVE-2017-12908 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter. | |||
| CVE-2017-7555 | critical | 9.8 | 9.8 | 9y ago | Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the applicatio… | |||
| CVE-2017-7551 | critical | 9.8 | 9.8 | 9y ago | 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | |||
| CVE-2017-7546 | critical | 9.8 | 9.8 | 9y ago | PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. | |||
| CVE-2017-8248 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation. | |||
| CVE-2017-9653 | critical | 9.8 | 9.8 | 9y ago | An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA bef… | |||
| CVE-2017-9800 | critical | 9.8 | 9.8 | 9y ago | A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be ge… | |||
| CVE-2017-6328 | high | 8.8 | 9.8 | 9y ago | The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious… | |||
| CVE-2017-3124 | critical | 9.8 | 9.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exch… | |||
| CVE-2017-3108 | critical | 9.8 | 9.8 | 9y ago | Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | |||
| CVE-2017-3106 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11274 | critical | 9.8 | 9.8 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-8658 | critical | 9.8 | 9.8 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-12774 | critical | 9.8 | 9.8 | 9y ago | finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database | |||
| CVE-2017-12762 | critical | 9.8 | 9.8 | 9y ago | In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux … | |||
| CVE-2017-11741 | high | 8.8 | 9.8 | 9y ago | HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges b… | |||
| CVE-2017-3632 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows u… | |||
| CVE-2017-10204 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows l… | |||
| CVE-2017-10129 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows l… | |||
| CVE-2017-9939 | critical | 9.8 | 9.8 | 9y ago | A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication m… | |||
| CVE-2017-6869 | critical | 9.8 | 9.8 | 9y ago | A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the p… | |||
| CVE-2017-12650 | critical | 9.8 | 9.8 | 9y ago | SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header. | |||
| CVE-2017-12567 | critical | 9.8 | 9.8 | 9y ago | SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. | |||
| CVE-2017-12479 | high | 8.8 | 9.8 | 9y ago | It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege use… | |||
| CVE-2017-9632 | critical | 9.8 | 9.8 | 9y ago | A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, Laser… | |||
| CVE-2017-6747 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improp… | |||
| CVE-2017-12588 | critical | 9.8 | 9.8 | 9y ago | The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. | |||
| CVE-2017-9861 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, an… | |||
| CVE-2017-9860 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an… | |||
| CVE-2017-9859 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relat… | |||
| CVE-2017-9855 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single … | |||
| CVE-2017-9854 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. The… | |||
| CVE-2017-9853 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set… | |||
| CVE-2017-9852 | critical | 9.8 | 9.8 | 9y ago | An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwo… | |||
| CVE-2017-12562 | critical | 9.8 | 9.8 | 9y ago | Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unsp… | |||
| CVE-2017-10818 | critical | 9.8 | 9.8 | 9y ago | MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service. | |||
| CVE-2017-10817 | critical | 9.8 | 9.8 | 9y ago | MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server. | |||
| CVE-2017-10816 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server. | |||
| CVE-2017-12424 | critical | 9.8 | 9.8 | 9y ago | In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other me… | |||
| CVE-2017-12414 | critical | 9.8 | 9.8 | 9y ago | Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll. | |||
| CVE-2017-11393 | critical | 9.8 | 9.8 | 9y ago | Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by par… | |||
| CVE-2017-11392 | high | 8.8 | 9.8 | 9y ago | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… | |||
| CVE-2017-11391 | high | 8.8 | 9.8 | 9y ago | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… | |||
| CVE-2017-7442 | high | 8.8 | 9.8 | 9y ago | Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | |||
| CVE-2017-11721 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet. | |||
| CVE-2017-11105 | critical | 9.8 | 9.8 | 9y ago | The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disab… | |||
| CVE-2017-11389 | critical | 9.8 | 9.8 | 9y ago | Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684. | |||
| CVE-2017-11386 | critical | 9.8 | 9.8 | 9y ago | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZD… | |||
| CVE-2017-11385 | critical | 9.8 | 9.8 | 9y ago | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN… | |||
| CVE-2017-11384 | critical | 9.8 | 9.8 | 9y ago | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN… | |||
| CVE-2017-11383 | critical | 9.8 | 9.8 | 9y ago | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN… | |||
| CVE-2017-8390 | critical | 9.8 | 9.8 | 9y ago | The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name. | |||
| CVE-2017-12199 | critical | 9.8 | 9.8 | 9y ago | The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, ima… | |||
| CVE-2017-4923 | critical | 9.8 | 9.8 | 9y ago | VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-ba… | |||
| CVE-2017-11381 | critical | 9.8 | 9.8 | 9y ago | A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. | |||
| CVE-2017-11380 | critical | 9.8 | 9.8 | 9y ago | Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Di… | |||
| CVE-2017-11129 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content o… | |||
| CVE-2017-12065 | critical | 9.8 | 9.8 | 9y ago | spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. | |||
| CVE-2017-11757 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client … | |||
| CVE-2017-11743 | critical | 9.8 | 9.8 | 9y ago | MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability … | |||
| CVE-2017-9521 | critical | 9.8 | 9.8 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmw… | |||
| CVE-2017-9483 | critical | 9.8 | 9.8 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processo… | |||
| CVE-2017-9482 | critical | 9.8 | 9.8 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by… | |||
| CVE-2017-9479 | critical | 9.8 | 9.8 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network a… | |||
| CVE-2017-11720 | critical | 9.8 | 9.8 | 9y ago | There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. | |||
| CVE-2017-11715 | critical | 9.8 | 9.8 | 9y ago | job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .pht… | |||
| CVE-2017-11645 | critical | 9.8 | 9.8 | 9y ago | NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html. | |||
| CVE-2017-11184 | critical | 9.8 | 9.8 | 9y ago | SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. | |||
| CVE-2017-9614 | high | 8.8 | 9.8 | 9y ago | The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified oth… | |||
| CVE-2017-11673 | critical | 9.8 | 9.8 | 9y ago | Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at re… | |||
| CVE-2017-11643 | critical | 9.8 | 9.8 | 9y ago | GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. | |||
| CVE-2017-11641 | critical | 9.8 | 9.8 | 9y ago | GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files. | |||
| CVE-2017-11637 | critical | 9.8 | 9.8 | 9y ago | GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. | |||
| CVE-2017-11636 | critical | 9.8 | 9.8 | 9y ago | GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. | |||
| CVE-2017-11631 | critical | 9.8 | 9.8 | 9y ago | dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. | |||
| CVE-2017-9413 | high | 8.8 | 9.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a p… | |||
| CVE-2017-11459 | critical | 9.8 | 9.8 | 9y ago | SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Not… | |||
| CVE-2017-11614 | critical | 9.8 | 9.8 | 9y ago | MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the da… | |||
| CVE-2017-11324 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be trigge… | |||
| CVE-2017-11589 | critical | 9.8 | 9.8 | 9y ago | On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control … | |||
| CVE-2017-11588 | critical | 9.8 | 9.8 | 9y ago | On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command exe… |