VIR Vulnerability Intelligence Relay

Search

Found 6,690 results in 642ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-1000364 high 7.4 8.4 EXPFIX slesarch archdebian debian 9y ago An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this af…
CVE-2017-9757 high 8.8 9.8 EXP ipfire 9y ago IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.
CVE-2017-9730 critical 9.8 10.0 EXP dfsol 9y ago SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter.
CVE-2017-9756 high 7.8 8.8 EXPFIX debian debian sles gnu 9y ago The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspe…
CVE-2017-9750 high 7.8 8.8 EXPFIX debian debian sles gnu 9y ago opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly…
CVE-2017-9749 high 7.8 8.8 EXPFIX debian debian sles gnu 9y ago The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via …
CVE-2017-9748 high 7.8 8.8 EXPFIX debian debian sles gnu 9y ago The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buff…
CVE-2017-9747 high 7.8 8.8 EXPFIX debian debian sles gnu 9y ago The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buf…
CVE-2017-9746 high 7.8 8.8 EXPFIX debian debian sles gnu 9y ago The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact…
CVE-2017-9742 high 7.8 8.8 EXPFIX debian debian sles gnu 9y ago The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other…
CVE-2017-9602 critical 9.8 10.0 EXP kbvault_mysql_project 9y ago KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and delet…
CVE-2017-8487 high 7.8 8.8 EXP windows windows 9y ago Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerabil…
CVE-2017-8461 high 7.8 8.8 EXP windows windows 9y ago Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a …
CVE-2017-9675 high 7.5 8.5 EXP 9y ago On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot.
CVE-2017-8550 medium 5.4 6.4 EXP microsoft 9y ago A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
CVE-2017-8548 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge imprope…
CVE-2017-8496 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, ak…
CVE-2017-8492 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8491 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8490 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8489 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8488 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8485 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8484 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen…
CVE-2017-8483 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8482 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8481 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8480 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8479 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8478 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8477 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen…
CVE-2017-8476 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8473 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafte…
CVE-2017-8472 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initiali…
CVE-2017-8471 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen…
CVE-2017-8470 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen…
CVE-2017-8469 medium 5.5 6.5 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an…
CVE-2017-8462 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-0300 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-0299 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-0289 medium 5.0 6.0 EXP windows windows microsoft 9y ago Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper…
CVE-2017-0288 medium 5.0 6.0 EXP windows windows microsoft 9y ago Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper…
CVE-2017-0287 medium 5.0 6.0 EXP windows windows microsoft 9y ago Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper…
CVE-2017-0286 medium 5.0 6.0 EXP windows windows microsoft 9y ago Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper…
CVE-2017-0285 medium 5.0 6.0 EXP windows windows microsoft 9y ago Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office …
CVE-2017-0284 medium 5.0 6.0 EXP windows windows microsoft 9y ago Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office …
CVE-2017-0283 high 8.8 9.8 EXP windows windows microsoft 9y ago Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 S…
CVE-2017-0282 medium 5.0 6.0 EXP windows windows microsoft 9y ago Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office …
CVE-2017-9603 high 8.8 9.8 EXP intensewp 9y ago SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.
CVE-2017-9429 high 8.8 9.8 EXP event_list_project 9y ago SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php.
CVE-2017-9418 high 8.8 9.8 EXP goldplugins 9y ago SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.
CVE-2017-9544 critical 9.8 10.0 EXP echatserver 9y ago There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering…
CVE-2017-9128 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 …
CVE-2017-9127 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted …
CVE-2017-9126 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
CVE-2017-9125 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.
CVE-2017-9124 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
CVE-2017-9123 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVE-2017-9122 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
CVE-2017-8871 medium 6.5 7.5 EXP slessuse suse gnome 9y ago The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
CVE-2014-8687 critical 9.8 10.0 EXP 9y ago Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session token…
CVE-2017-9516 medium 5.4 6.4 EXP craftcms 9y ago Craft CMS XSS Vulnerability
CVE-2017-4901 critical 9.9 10.0 EXP vmware 9y ago The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execu…
CVE-2017-7180 high 7.3 8.3 EXP eduiq 9y ago Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privi…
CVE-2015-7346 critical 9.8 10.0 EXP zcms_project 9y ago SQL injection vulnerability in ZCMS 1.1.
CVE-2017-9355 high 7.4 8.4 EXP subsonic 9y ago XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist…
CVE-2017-4905 medium 5.5 6.5 EXP macos macos vmware 9y ago VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch …
CVE-2017-4914 critical 9.8 10.0 EXP vmware 9y ago VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
CVE-2017-7314 high 7.5 8.5 EXP personify 9y ago An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.
CVE-2017-7312 critical 9.8 10.0 EXP personifycorp 9y ago An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and…
CVE-2016-9834 medium 6.1 7.1 EXP 9y ago An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is …
CVE-2017-9462 high 8.8 9.8 EXPFIX slesdebian debian rhel mercurial 9y ago In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
CVE-2017-8841 high 8.1 9.1 EXP 9y ago Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology …
CVE-2017-8840 medium 5.3 6.3 EXP 9y ago Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request t…
CVE-2017-8839 medium 6.1 7.1 EXP 9y ago XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/p…
CVE-2017-8838 medium 6.1 7.1 EXP 9y ago XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/H…
CVE-2017-8837 critical 9.8 10.0 EXP 9y ago Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in questio…
CVE-2017-8836 high 8.8 9.8 EXP 9y ago CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative inte…
CVE-2017-8835 critical 9.8 10.0 EXP 9y ago SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth coo…
CVE-2017-1000367 medium 6.4 7.4 EXPFIX slesarch archdebian debian sudo_project 9y ago Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
CVE-2017-9430 critical 9.8 10.0 EXP debian debian dnstracer_project 9y ago Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name ar…
CVE-2017-9417 critical 9.8 10.0 EXPFIX debian debian 9y ago Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
CVE-2017-9380 high 8.8 9.8 EXP open-emr 9y ago OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
CVE-2017-9353 high 7.5 8.5 EXPFIX arch arch slesdebian debian wireshark 9y ago In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
CVE-2017-9347 high 7.5 8.5 EXPFIX arch arch slesdebian debian wireshark 9y ago In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
CVE-2015-0936 critical 9.8 10.0 EXP 9y ago Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
CVE-2017-9232 critical 9.8 10.0 EXP canonical 9y ago Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju
CVE-2017-8541 high 7.8 8.8 EXP windows windows microsoft 9y ago The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and…
CVE-2017-8538 high 7.8 8.8 EXP windows windows microsoft 9y ago The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and…
CVE-2017-8537 medium 5.5 6.5 EXP windows windows microsoft 9y ago The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and…
CVE-2017-8536 medium 5.5 6.5 EXP windows windows microsoft 9y ago The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and…
CVE-2017-8535 medium 5.5 6.5 EXP windows windows microsoft 9y ago The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and…
CVE-2016-6256 critical 9.6 10.0 EXP sap 9y ago SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i…
CVE-2017-2800 critical 9.8 10.0 EXPFIX debian debian wolfssl 9y ago A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and pos…
CVE-2017-8311 high 7.8 8.8 EXPFIX arch archdebian debian videolan 9y ago multiple issues in vlc
CVE-2016-10073 high 7.5 8.5 EXP vanillaforums 9y ago The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a cr…
CVE-2015-5468 high 7.5 8.5 EXP wpshopstyling 9y ago Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to inc…
CVE-2015-4455 critical 9.8 10.0 EXP aviary_image_editor_add-on_for_gravity_forms_project 9y ago Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by up…
CVE-2017-9150 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 9y ago The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which all…
CVE-2017-1092 critical 9.8 10.0 EXP ibm 9y ago IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.