VIR Vulnerability Intelligence Relay

Search

Found 6,175 results in 625ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-13872 high 8.1 9.1 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain a…
CVE-2017-17058 high 7.5 8.5 EXP automattic 9y ago The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a …
CVE-2017-16952 medium 5.5 6.5 EXP kmplayer 9y ago KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.
CVE-2017-16951 medium 5.5 6.5 EXP audiovalley 9y ago Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.
CVE-2017-16994 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 9y ago The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kern…
CVE-2017-16962 medium 6.1 7.1 EXP communigate 9y ago The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a craf…
CVE-2017-16944 high 7.5 8.5 EXPFIX arch archdebian debian exim 9y ago The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT com…
CVE-2017-16939 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 9y ago The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCV…
CVE-2017-16902 high 7.5 8.5 EXP 9y ago On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.
CVE-2017-16894 high 7.5 8.5 EXPFIX debian debian laravel 9y ago In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Larav…
CVE-2017-6168 high 7.4 8.4 EXP f5 9y ago On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may b…
CVE-2017-1000170 high 7.5 8.5 EXP jqueryfiletree_project 9y ago jqueryFileTree vulnerable to Directory Traversal
CVE-2017-16819 medium 5.4 6.4 EXP 9y ago A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name)…
CVE-2017-16843 medium 5.4 6.4 EXP 9y ago Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
CVE-2017-16777 high 7.8 8.8 EXP hashicorp 9y ago If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo h…
CVE-2017-16841 medium 6.1 7.1 EXP lansweeper 9y ago LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.
CVE-2017-16836 medium 6.1 7.1 EXP 9y ago Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.
CVE-2017-15806 high 8.1 9.1 EXP zetacomponents 9y ago Zeta Components Mail Arbitrary code execution via a crafted email address
CVE-2017-15271 medium 5.9 6.9 EXP psftp 9y ago A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically res…
CVE-2017-15270 medium 5.3 6.3 EXP psftp 9y ago The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface…
CVE-2017-14961 high 7.8 8.8 EXP ikarussecurity 9y ago In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.
CVE-2017-7851 high 8.8 9.8 EXP 9y ago D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
CVE-2017-11873 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to ho…
CVE-2017-11870 high 7.5 8.5 EXP windows windows microsoft 9y ago Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects
CVE-2017-11861 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engin…
CVE-2017-11855 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2…
CVE-2017-11841 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due…
CVE-2017-11840 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due…
CVE-2017-11839 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engi…
CVE-2017-11831 medium 4.7 5.7 EXP windows windows 9y ago Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Serv…
CVE-2017-11830 medium 5.3 6.3 EXP windows windows 9y ago Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security f…
CVE-2017-12636 high 7.2 8.2 EXPFIX arch arch sles apache 9y ago multiple issues in couchdb
CVE-2017-16807 medium 5.4 6.4 EXP getkirby 9y ago Kirby XSS Vulnerability
CVE-2017-16806 high 7.5 8.5 EXP ulterius 9y ago The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
CVE-2017-13849 medium 5.5 6.5 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows re…
CVE-2017-13802 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13798 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13797 high 8.8 9.8 EXPFIX macos macos apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13796 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13795 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13794 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13792 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13791 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13785 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13784 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13783 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-16781 medium 5.4 6.4 EXP mybb 9y ago The installer in MyBB before 1.8.13 has XSS.
CVE-2017-16568 medium 5.4 6.4 EXP logitech 9y ago Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, w…
CVE-2017-16567 medium 5.4 6.4 EXP logitech 9y ago Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malic…
CVE-2017-16249 high 7.5 8.5 EXP 9y ago The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with …
CVE-2017-12969 high 8.8 9.8 EXP avaya 9y ago Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or exe…
CVE-2017-16642 high 7.5 8.5 EXP slesdebian debianubuntu ubuntu phpnetapp 9y ago In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to …
CVE-2017-6331 high 7.1 8.1 EXP symantec 9y ago Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that …
CVE-2017-14016 medium 6.3 7.3 EXP advantech 9y ago A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying…
CVE-2017-16001 high 7.8 8.8 EXP hashicorp 9y ago In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
CVE-2017-16570 high 8.8 9.8 EXP keystonejs 9y ago Cross-Site Request Forgery (CSRF) in keystone
CVE-2017-16524 high 8.8 9.8 EXP hanwhasecurity 9y ago Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrar…
CVE-2017-16542 high 8.8 9.8 EXP zohocorp 9y ago Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
CVE-2017-16513 high 7.8 8.8 EXP ipswitch 9y ago Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.
CVE-2017-16237 high 7.8 8.8 EXP tgsoft 9y ago In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.
CVE-2017-12243 high 7.8 8.8 EXP 9y ago A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authentica…
CVE-2017-15918 high 7.8 8.8 EXP ignitum 9y ago Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
CVE-2017-16353 medium 6.5 7.5 EXPFIX slesdebian debian graphicsmagick 9y ago GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The p…
CVE-2017-16352 high 8.8 9.8 EXPFIX slesdebian debian graphicsmagick 9y ago GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. …
CVE-2017-16244 high 8.8 9.8 EXP octobercms 9y ago October CMS CSRF
CVE-2017-15884 high 7.0 8.0 EXP hashicorp 9y ago In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
CVE-2017-15950 high 7.8 8.8 EXP flexense 9y ago Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destina…
CVE-2017-15921 high 7.5 8.5 EXP watchdogdevelopment 9y ago In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioc…
CVE-2017-15920 high 7.5 8.5 EXP watchdogdevelopment 9y ago In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioc…
CVE-2017-7411 high 8.8 9.8 EXP enalean 9y ago An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value tha…
CVE-2017-15957 high 8.8 9.8 EXP ingenious_school_management_system_project 9y ago my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
CVE-2017-15956 high 7.5 8.5 EXP converto_video_downloader_\&_converter_project 9y ago ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.
CVE-2017-15879 high 8.8 9.8 EXP keystonejs 9y ago Keystone is vulnerable to CSV injection
CVE-2017-15878 medium 6.1 7.1 EXP keystonejs 9y ago Cross-Site Scripting in keystone
CVE-2017-15223 medium 5.3 6.3 EXP argosoft 9y ago Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an in…
CVE-2011-3187 medium 5.3 EXP debian debian rubyonrails 9y ago The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which…
CVE-2017-13772 high 8.8 9.8 EXP 9y ago Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRp…
CVE-2015-5533 high 7.2 8.2 EXP count_per_day_project 9y ago SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep…
CVE-2015-2878 high 8.8 9.8 EXP watchguard 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary acco…
CVE-2011-4334 high 8.8 9.8 EXP labwiki_project 9y ago edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the use…
CVE-2011-4333 medium 6.1 7.1 EXP scilico 9y ago Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no…
CVE-2017-15808 high 8.8 9.8 EXP phpmyfaq 9y ago In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
CVE-2017-15687 medium 6.1 7.1 EXP logitech 9y ago DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.
CVE-2017-7117 high 8.8 9.8 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b…
CVE-2017-7115 high 8.1 9.1 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrar…
CVE-2017-7089 medium 6.1 7.1 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It all…
CVE-2017-15735 high 8.8 9.8 EXP phpmyfaq 9y ago In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
CVE-2017-15734 high 8.8 9.8 EXP phpmyfaq 9y ago In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
CVE-2017-15730 high 8.8 9.8 EXP phpmyfaq 9y ago In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
CVE-2017-15727 medium 5.4 6.4 EXP phpmyfaq 9y ago In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
CVE-2017-15291 medium 6.1 7.1 EXP 9y ago Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description fi…
CVE-2017-14937 medium 4.7 5.7 EXP 9y ago The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control unit…
CVE-2017-15649 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 9y ago net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race co…
CVE-2017-15647 high 7.5 8.5 EXP 9y ago On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
CVE-2017-15646 medium 6.1 7.1 EXP webmin 9y ago Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After set…
CVE-2017-15645 high 8.8 9.8 EXP webmin 9y ago CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands.
CVE-2017-15644 high 8.6 9.6 EXP webmin 9y ago SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
CVE-2017-15643 high 7.4 8.4 EXP ikarussecurity 9y ago An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum …
CVE-2017-15639 medium 6.5 7.5 EXP getmura 9y ago tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature.
CVE-2017-10355 medium 5.3 6.3 EXPFIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Em…