CVEs from 2017
Total
11,693
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11415 | critical | 9.8 | 9.8 | 9y ago | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. | |||
| CVE-2017-11414 | critical | 9.8 | 9.8 | 9y ago | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. | |||
| CVE-2017-11413 | critical | 9.8 | 9.8 | 9y ago | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. | |||
| CVE-2017-11412 | critical | 9.8 | 9.8 | 9y ago | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. | |||
| CVE-2017-9811 | critical | 9.8 | 9.8 | 9y ago | The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine rea… | |||
| CVE-2017-10984 | critical | 9.8 | 9.8 | 9y ago | An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary … | |||
| CVE-2017-10979 | critical | 9.8 | 9.8 | 9y ago | An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary c… | |||
| CVE-2017-8011 | critical | 9.8 | 9.8 | 9y ago | EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Pac… | |||
| CVE-2017-7673 | critical | 9.8 | 9.8 | 9y ago | Apache OpenMeetings has Inadequate Encryption Strength | |||
| CVE-2017-2345 | critical | 9.8 | 9.8 | 9y ago | On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated cr… | |||
| CVE-2017-2343 | critical | 9.8 | 9.8 | 9y ago | The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing fi… | |||
| CVE-2017-11362 | critical | 9.8 | 9.8 | 9y ago | In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buff… | |||
| CVE-2017-11354 | critical | 9.8 | 9.8 | 9y ago | Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. | |||
| CVE-2017-11349 | critical | 9.8 | 9.8 | 9y ago | dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data. | |||
| CVE-2017-11346 | critical | 9.8 | 9.8 | 9y ago | Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. | |||
| CVE-2017-11329 | critical | 9.8 | 9.8 | 9y ago | GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. | |||
| CVE-2017-10601 | critical | 9.8 | 9.8 | 9y ago | A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, … | |||
| CVE-2017-1000362 | critical | 9.8 | 9.8 | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2017-1000081 | critical | 9.8 | 9.8 | 9y ago | Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | |||
| CVE-2017-1000075 | critical | 9.8 | 9.8 | 9y ago | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function | |||
| CVE-2017-1000074 | critical | 9.8 | 9.8 | 9y ago | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. | |||
| CVE-2017-1000073 | critical | 9.8 | 9.8 | 9y ago | Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. | |||
| CVE-2017-1000072 | critical | 9.8 | 9.8 | 9y ago | Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations | |||
| CVE-2017-1000060 | critical | 9.8 | 9.8 | 9y ago | EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root | |||
| CVE-2017-1000056 | critical | 9.8 | 9.8 | 9y ago | Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. | |||
| CVE-2017-1000047 | critical | 9.8 | 9.8 | 9y ago | rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution | |||
| CVE-2017-1000044 | critical | 9.8 | 9.8 | 9y ago | gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering | |||
| CVE-2017-1000039 | critical | 9.8 | 9.8 | 9y ago | Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution | |||
| CVE-2017-1000037 | critical | 9.8 | 9.8 | 9y ago | RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD… | |||
| CVE-2017-1000030 | critical | 9.8 | 9.8 | 9y ago | Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain te… | |||
| CVE-2017-1000020 | critical | 9.8 | 9.8 | 9y ago | SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending S… | |||
| CVE-2017-1000009 | critical | 9.8 | 9.8 | 9y ago | Akeneo PIM vulnerable to shell injection in the mass edition | |||
| CVE-2017-1000004 | critical | 9.8 | 9.8 | 9y ago | ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course … | |||
| CVE-2017-1000003 | critical | 9.8 | 9.8 | 9y ago | ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and ea… | |||
| CVE-2017-0028 | critical | 9.8 | 9.8 | 9y ago | A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute… | |||
| CVE-2017-11174 | critical | 9.8 | 9.8 | 9y ago | In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of … | |||
| CVE-2017-4053 | critical | 9.8 | 9.8 | 9y ago | Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their c… | |||
| CVE-2017-4052 | critical | 9.8 | 9.8 | 9y ago | Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any con… | |||
| CVE-2017-11187 | critical | 9.8 | 9.8 | 9y ago | phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly. | |||
| CVE-2017-11167 | critical | 9.8 | 9.8 | 9y ago | FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo(… | |||
| CVE-2017-11165 | critical | 9.8 | 9.8 | 9y ago | dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI. | |||
| CVE-2017-8589 | critical | 9.8 | 9.8 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote cod… | |||
| CVE-2017-7728 | critical | 9.8 | 9.8 | 9y ago | On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography. | |||
| CVE-2017-5640 | critical | 9.8 | 9.8 | 9y ago | It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (… | |||
| CVE-2017-11139 | critical | 9.8 | 9.8 | 9y ago | GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c. | |||
| CVE-2017-11125 | critical | 9.8 | 9.8 | 9y ago | libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c. | |||
| CVE-2017-11124 | critical | 9.8 | 9.8 | 9y ago | libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c. | |||
| CVE-2017-4976 | critical | 9.8 | 9.8 | 9y ago | EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and … | |||
| CVE-2017-7512 | critical | 9.8 | 9.8 | 9y ago | Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authenticatio… | |||
| CVE-2017-9629 | critical | 9.8 | 9.8 | 9y ago | A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identi… | |||
| CVE-2017-1000082 | critical | 9.8 | 9.8 | 9y ago | systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. | |||
| CVE-2017-10966 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result … | |||
| CVE-2017-10965 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. | |||
| CVE-2017-2237 | critical | 9.8 | 9.8 | 9y ago | Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands vi… | |||
| CVE-2017-2236 | critical | 9.8 | 9.8 | 9y ago | Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers… | |||
| CVE-2017-2235 | critical | 9.8 | 9.8 | 9y ago | Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to cha… | |||
| CVE-2017-2234 | critical | 9.8 | 9.8 | 9y ago | Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented … | |||
| CVE-2017-2225 | critical | 9.8 | 9.8 | 9y ago | Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-7406 | critical | 9.8 | 9.8 | 9y ago | The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor ne… | |||
| CVE-2017-7405 | critical | 9.8 | 9.8 | 9y ago | On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an att… | |||
| CVE-2017-10989 | critical | 9.8 | 9.8 | 9y ago | The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer ove… | |||
| CVE-2017-10968 | critical | 9.8 | 9.8 | 9y ago | In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request. | |||
| CVE-2017-6714 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The … | |||
| CVE-2017-6713 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due t… | |||
| CVE-2017-6709 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (… | |||
| CVE-2017-6708 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive file… | |||
| CVE-2017-1175 | critical | 9.8 | 9.8 | 9y ago | IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or del… | |||
| CVE-2017-1269 | critical | 9.8 | 9.8 | 9y ago | IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inform… | |||
| CVE-2017-10913 | critical | 9.8 | 9.8 | 9y ago | The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain priv… | |||
| CVE-2017-10804 | critical | 9.8 | 9.8 | 9y ago | In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 c… | |||
| CVE-2017-10807 | critical | 9.8 | 9.8 | 9y ago | JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. | |||
| CVE-2017-7317 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin. | |||
| CVE-2017-7315 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup,… | |||
| CVE-2017-7919 | critical | 9.8 | 9.8 | 9y ago | An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. An attacker may bypass authentication by accessing a specific uniform resource locator (URL). | |||
| CVE-2017-8116 | critical | 9.8 | 9.8 | 9y ago | The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metachara… | |||
| CVE-2017-10788 | critical | 9.8 | 9.8 | 9y ago | The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) ce… | |||
| CVE-2017-10699 | critical | 9.8 | 9.8 | 9y ago | arbitrary code execution in vlc | |||
| CVE-2017-10670 | critical | 9.8 | 9.8 | 9y ago | An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conform… | |||
| CVE-2017-7905 | critical | 9.8 | 9.8 | 9y ago | A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmw… | |||
| CVE-2017-7903 | critical | 9.8 | 9.8 | 9y ago | A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 17… | |||
| CVE-2017-7902 | critical | 9.8 | 9.8 | 9y ago | A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and pri… | |||
| CVE-2017-7899 | critical | 9.8 | 9.8 | 9y ago | An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L1… | |||
| CVE-2017-7898 | critical | 9.8 | 9.8 | 9y ago | An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Vers… | |||
| CVE-2017-6044 | critical | 9.8 | 9.8 | 9y ago | An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can… | |||
| CVE-2017-6041 | critical | 9.8 | 9.8 | 9y ago | An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check B… | |||
| CVE-2017-6034 | critical | 9.8 | 9.8 | 9y ago | An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which … | |||
| CVE-2017-6028 | critical | 9.8 | 9.8 | 9y ago | An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are se… | |||
| CVE-2017-6022 | critical | 9.8 | 9.8 | 9y ago | A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use ha… | |||
| CVE-2017-10685 | critical | 9.8 | 9.8 | 9y ago | In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | |||
| CVE-2017-10684 | critical | 9.8 | 9.8 | 9y ago | In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | |||
| CVE-2017-10682 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or stat… | |||
| CVE-2017-4997 | critical | 9.8 | 9.8 | 9y ago | EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affect… | |||
| CVE-2017-10672 | critical | 9.8 | 9.8 | 9y ago | Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. | |||
| CVE-2017-9830 | critical | 9.8 | 9.8 | 9y ago | Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and… | |||
| CVE-2017-9615 | critical | 9.8 | 9.8 | 9y ago | Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-read… | |||
| CVE-2017-9466 | critical | 9.8 | 9.8 | 9y ago | The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which al… | |||
| CVE-2017-9848 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs ele… | |||
| CVE-2017-9828 | critical | 9.8 | 9.8 | 9y ago | '/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root … | |||
| CVE-2017-9772 | critical | 9.8 | 9.8 | 9y ago | Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_N… | |||
| CVE-2017-2781 | critical | 9.8 | 9.8 | 9y ago | An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overfl… |