VIR Vulnerability Intelligence Relay

Search

Found 4,306 results in 541ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-9834 critical 9.8 10.0 EXP calendarscripts 9y ago SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action…
CVE-2017-14147 critical 9.8 10.0 EXP 9y ago An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link ht…
CVE-2017-13754 medium 5.4 6.4 EXP wibu 9y ago Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the …
CVE-2015-7241 critical 9.8 10.0 EXP sap 9y ago XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
CVE-2017-1130 medium 6.5 7.5 EXP ibm 9y ago IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and h…
CVE-2017-1129 medium 6.5 7.5 EXP ibm 9y ago IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 1213…
CVE-2017-14126 medium 6.1 7.1 EXP xnau 9y ago The Participants Database plugin before 1.7.5.10 for WordPress has XSS.
CVE-2017-14117 medium 5.9 6.9 EXP 9y ago The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows rem…
CVE-2017-3898 medium 5.9 6.9 EXP mcafee 9y ago A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registr…
CVE-2017-3897 critical 9.8 10.0 EXP mcafee 9y ago A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 all…
CVE-2014-8677 medium 5.3 6.3 EXP soplanning 9y ago The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create a…
CVE-2014-8676 medium 5.3 6.3 EXP soplanning 9y ago Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL pa…
CVE-2017-13708 critical 9.8 10.0 EXP vxsearch 9y ago Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request.
CVE-2016-10504 medium 6.5 7.5 EXPFIX slesdebian debian uclouvain 9y ago Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp f…
CVE-2017-9979 medium 6.1 7.1 EXP osnexus 9y ago On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to…
CVE-2017-9978 medium 5.3 6.3 EXP osnexus 9y ago On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this infor…
CVE-2017-12954 medium 6.5 7.5 EXPFIX debian debian libgig0 9y ago The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
CVE-2017-12953 medium 6.5 7.5 EXPFIX debian debian libgig0 9y ago The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
CVE-2017-12952 medium 6.5 7.5 EXPFIX debian debian libgig0 9y ago The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12951 medium 6.5 7.5 EXPFIX debian debian libgig0 9y ago The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a craft…
CVE-2017-12950 medium 6.5 7.5 EXPFIX debian debian linuxsampler 9y ago The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2014-9558 critical 9.8 10.0 EXP smartcms 9y ago Multiple SQL injection vulnerabilities in SmartCMS v.2.
CVE-2017-9640 medium 6.3 7.3 EXP automatedlogiccarrier 9y ago A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC …
CVE-2015-8352 critical 9.8 10.0 EXP zen-cart 9y ago Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
CVE-2015-7896 medium 6.5 7.5 EXP 9y ago LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
CVE-2017-12971 medium 6.1 7.1 EXP apache2triad 9y ago Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php.
CVE-2017-12965 critical 9.8 10.0 EXP apache2triad 9y ago Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
CVE-2017-12787 critical 9.8 10.0 EXP noviflow 9y ago A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an…
CVE-2017-12786 critical 9.8 10.0 EXP noviflow 9y ago Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an op…
CVE-2017-12785 critical 9.8 10.0 EXP noviflow 9y ago The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. Th…
CVE-2015-2857 critical 9.8 10.0 EXP accellion 9y ago Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
CVE-2017-12984 medium 6.1 7.1 EXP phpmywind 9y ago PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.
CVE-2015-4071 medium 5.3 6.3 EXP helpdesk_pro_project 9y ago The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/…
CVE-2017-9767 medium 5.4 6.4 EXP quali 9y ago Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter …
CVE-2017-12943 critical 9.8 10.0 EXP 9y ago D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the …
CVE-2017-11664 medium 6.5 7.5 EXPFIX debian debian mindwerks 9y ago The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
CVE-2017-11663 medium 6.5 7.5 EXPFIX debian debian mindwerks 9y ago The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
CVE-2014-5144 medium 5.4 6.4 EXP telescopeapp 9y ago Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown.
CVE-2017-8652 medium 6.5 7.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi…
CVE-2017-8644 medium 4.3 5.3 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi…
CVE-2017-11153 critical 9.8 10.0 EXP synology 9y ago Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized p…
CVE-2017-11151 critical 9.8 10.0 EXP synology 9y ago A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.
CVE-2017-10046 medium 5.4 6.4 EXP oracle 9y ago Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 1…
CVE-2015-7871 critical 9.8 10.0 EXPFIX debian debian ntpnetapp 9y ago Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
CVE-2015-7855 medium 6.5 7.5 EXPFIX debian debian ntpnetapp 9y ago The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a l…
CVE-2017-12478 critical 9.8 10.0 EXP kaseya 9y ago It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw …
CVE-2017-12477 critical 9.8 10.0 EXP kaseya 9y ago It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacke…
CVE-2017-11394 critical 9.8 10.0 EXP trendmicro 9y ago Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by par…
CVE-2017-11320 medium 6.1 7.1 EXP 9y ago Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.
CVE-2017-9769 critical 9.8 10.0 EXP razer 9y ago A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.
CVE-2017-11356 medium 6.5 7.5 EXP pega 9y ago The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by lever…
CVE-2017-11355 medium 6.1 7.1 EXP pega 9y ago Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) …
CVE-2017-11494 critical 9.8 10.0 EXP 9y ago SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.
CVE-2017-11552 medium 6.5 7.5 EXPFIX debian debian underbit 9y ago mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decode…
CVE-2017-11548 medium 5.5 6.5 EXP slesdebian debian xiph 9y ago The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.
CVE-2017-11359 medium 5.5 6.5 EXPFIX arch archdebian debian sound_exchange_project 9y ago The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conve…
CVE-2017-11358 medium 5.5 6.5 EXPFIX slesarch archdebian debian sound_exchange_project 9y ago The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
CVE-2017-11333 medium 5.5 6.5 EXPFIX arch arch slesdebian debian xiph.org 9y ago The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
CVE-2017-11332 medium 5.5 6.5 EXPFIX arch archdebian debian sound_exchange_project 9y ago The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.
CVE-2017-11331 medium 5.5 6.5 EXPFIX arch arch slesdebian debian xiph 9y ago The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.
CVE-2017-11330 medium 5.5 6.5 EXP divfix 9y ago The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in DivFix++ v0.34 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted avi fil…
CVE-2017-9412 medium 5.5 6.5 EXPFIX arch archdebian debian lame_project 9y ago The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.
CVE-2017-9260 medium 5.5 6.5 EXPFIX debian debian surina 9y ago The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application c…
CVE-2017-9259 medium 5.5 6.5 EXPFIX debian debian surina 9y ago The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application cra…
CVE-2017-9258 medium 5.5 6.5 EXPFIX debian debian surina 9y ago The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wa…
CVE-2015-5594 medium 6.1 7.1 EXP zenphoto 9y ago The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a…
CVE-2015-2798 critical 9.8 10.0 EXP web-dorado 9y ago SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2015-2279 critical 9.8 10.0 EXP 9y ago cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters aft…
CVE-2017-9554 medium 5.3 6.3 EXP 9y ago An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
CVE-2017-11517 critical 9.8 10.0 EXP geutebrueck 9y ago Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.
CVE-2017-11502 critical 9.8 10.0 EXP 9y ago Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
CVE-2017-7064 medium 5.5 6.5 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe…
CVE-2017-11471 critical 9.8 10.0 EXP idera 9y ago IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
CVE-2017-11470 critical 9.8 10.0 EXP idera 9y ago IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
CVE-2017-11467 critical 9.8 10.0 EXP orientdb 9y ago OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection
CVE-2017-11435 critical 9.8 10.0 EXP 9y ago The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the route…
CVE-2017-9813 medium 6.1 7.1 EXP kaspersky 9y ago In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site sc…
CVE-2017-9811 critical 9.8 10.0 EXP kaspersky 9y ago The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine rea…
CVE-2017-11346 critical 9.8 10.0 EXP zohocorp 9y ago Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.
CVE-2017-1000002 critical 9.8 10.0 EXP atutor 9y ago ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vu…
CVE-2017-11165 critical 9.8 10.0 EXP 9y ago dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
CVE-2017-8564 medium 5.5 6.5 EXP windows windows 9y ago Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server …
CVE-2017-7175 critical 9.9 10.0 EXP nfsen 9y ago NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field).
CVE-2017-7950 medium 5.5 6.5 EXP gonitro 9y ago Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file.
CVE-2017-10803 medium 6.5 7.5 EXPFIX debian debian odoo 9y ago In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated pr…
CVE-2017-6026 critical 9.1 10.0 EXP 9y ago A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to V…
CVE-2017-10682 critical 9.8 10.0 EXP piwigo 9y ago SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or stat…
CVE-2015-7898 medium 5.5 6.5 EXP 9y ago Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
CVE-2015-7895 medium 5.5 6.5 EXP 9y ago Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
CVE-2017-6326 critical 10.0 10.0 EXP symantec 9y ago The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machi…
CVE-2017-9936 medium 6.5 7.5 EXPFIX slesdebian debianubuntu ubuntu libtiff 9y ago In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
CVE-2017-9869 medium 5.5 6.5 EXPFIX arch archdebian debian lame_project 9y ago The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application cr…
CVE-2015-9098 critical 9.8 10.0 EXP red-gate 9y ago In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitor…
CVE-2017-3631 medium 5.3 6.3 EXP 9y ago Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privilege…
CVE-2017-3630 medium 5.3 6.3 EXP 9y ago Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low pri…
CVE-2017-7918 medium 6.8 7.8 EXP 9y ago An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups u…
CVE-2017-9130 medium 5.5 6.5 EXPFIX debian debian freeware_advanced_audio_coder_project 9y ago The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted…
CVE-2017-9129 medium 5.5 6.5 EXPFIX debian debian audiocoding 9y ago The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (large loop) via a crafted wav file.
CVE-2017-3078 critical 9.8 10.0 EXP windows windows linux-kernelmacos macos adobe 9y ago Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code e…
CVE-2017-3077 critical 9.8 10.0 EXP windows windows linux-kernelmacos macos adobe 9y ago Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.