CVEs from 2017
Total
11,611
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14101 | critical | 9.8 | 9.8 | 9y ago | A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change H… | |||
| CVE-2017-17405 | high | 8.8 | 9.8 | 9y ago | Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument star… | |||
| CVE-2017-5264 | high | 8.8 | 9.8 | 9y ago | Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site requ… | |||
| CVE-2017-17671 | critical | 9.8 | 9.8 | 9y ago | vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify … | |||
| CVE-2017-17615 | high | 8.8 | 9.8 | 9y ago | Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. | |||
| CVE-2017-11899 | critical | 9.8 | 9.8 | 9y ago | Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, a… | |||
| CVE-2017-16684 | critical | 9.8 | 9.8 | 9y ago | SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | |||
| CVE-2017-15940 | critical | 9.8 | 9.8 | 9y ago | The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to… | |||
| CVE-2017-11319 | high | 8.8 | 9.8 | 9y ago | Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and m… | |||
| CVE-2017-15708 | critical | 9.8 | 9.8 | 9y ago | Remote Code Execution in Apache Synapse | |||
| CVE-2017-17499 | critical | 9.8 | 9.8 | 9y ago | ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. | |||
| CVE-2017-17484 | critical | 9.8 | 9.8 | 9y ago | The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote a… | |||
| CVE-2017-3114 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the co… | |||
| CVE-2017-3112 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the co… | |||
| CVE-2017-16398 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-11304 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11303 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code executio… | |||
| CVE-2017-11302 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11295 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11294 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11293 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. A… | |||
| CVE-2017-11225 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mis… | |||
| CVE-2017-11215 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old an… | |||
| CVE-2017-11213 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to … | |||
| CVE-2017-17480 | critical | 9.8 | 9.8 | 9y ago | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of serv… | |||
| CVE-2017-17479 | critical | 9.8 | 9.8 | 9y ago | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of servi… | |||
| CVE-2017-16921 | high | 8.8 | 9.8 | 9y ago | In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form paramete… | |||
| CVE-2017-17465 | critical | 9.8 | 9.8 | 9y ago | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request. | |||
| CVE-2017-17464 | critical | 9.8 | 9.8 | 9y ago | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request. | |||
| CVE-2017-17430 | critical | 9.8 | 9.8 | 9y ago | Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. | |||
| CVE-2017-13160 | critical | 9.8 | 9.8 | 9y ago | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362. | |||
| CVE-2017-17434 | critical | 9.8 | 9.8 | 9y ago | The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also … | |||
| CVE-2017-14374 | critical | 9.8 | 9.8 | 9y ago | The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially d… | |||
| CVE-2017-6211 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can o… | |||
| CVE-2017-14918 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur. | |||
| CVE-2017-14917 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated. | |||
| CVE-2017-14916 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated. | |||
| CVE-2017-14914 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale. | |||
| CVE-2017-14909 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated. | |||
| CVE-2017-14908 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to veri… | |||
| CVE-2017-11006 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during positioning. | |||
| CVE-2017-11005 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization path. | |||
| CVE-2017-9709 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony. | |||
| CVE-2017-15813 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs. | |||
| CVE-2017-14907 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key. | |||
| CVE-2017-15889 | high | 8.8 | 9.8 | 9y ago | Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | |||
| CVE-2017-13664 | critical | 9.8 | 9.8 | 9y ago | Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this… | |||
| CVE-2017-15702 | critical | 9.8 | 9.8 | 9y ago | Apache Qpid Broker vulnerable to authentication port spoofing | |||
| CVE-2017-10903 | critical | 9.8 | 9.8 | 9y ago | Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors. | |||
| CVE-2017-10902 | critical | 9.8 | 9.8 | 9y ago | PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-10900 | critical | 9.8 | 9.8 | 9y ago | PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors. | |||
| CVE-2017-10899 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-10898 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-17086 | critical | 9.8 | 9.8 | 9y ago | Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as… | |||
| CVE-2017-15607 | critical | 9.8 | 9.8 | 9y ago | Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. | |||
| CVE-2017-11284 | critical | 9.8 | 9.8 | 9y ago | Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | |||
| CVE-2017-11283 | critical | 9.8 | 9.8 | 9y ago | Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | |||
| CVE-2017-17067 | critical | 9.8 | 9.8 | 9y ago | Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which … | |||
| CVE-2017-14189 | critical | 9.8 | 9.8 | 9y ago | An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password. | |||
| CVE-2017-8818 | critical | 9.8 | 9.8 | 9y ago | curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too litt… | |||
| CVE-2017-8817 | critical | 9.8 | 9.8 | 9y ago | The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact v… | |||
| CVE-2017-8816 | critical | 9.8 | 9.8 | 9y ago | The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application cr… | |||
| CVE-2017-14377 | critical | 9.8 | 9.8 | 9y ago | EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could p… | |||
| CVE-2017-9315 | critical | 9.8 | 9.8 | 9y ago | Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm use… | |||
| CVE-2017-8020 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root pri… | |||
| CVE-2017-14746 | critical | 9.8 | 9.8 | 9y ago | Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | |||
| CVE-2017-14586 | critical | 9.8 | 9.8 | 9y ago | The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are … | |||
| CVE-2017-1001003 | critical | 9.8 | 9.8 | 9y ago | Arbitrary Code Execution in mathjs | |||
| CVE-2017-1001002 | critical | 9.8 | 9.8 | 9y ago | Arbitrary Code Execution in mathjs | |||
| CVE-2017-1000214 | critical | 9.8 | 9.8 | 9y ago | GitPHP by xiphux is vulnerable to OS Command Injections | |||
| CVE-2017-8045 | critical | 9.8 | 9.8 | 9y ago | Deserialization of Untrusted Data in Spring AMQP | |||
| CVE-2017-16943 | critical | 9.8 | 9.8 | 9y ago | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BD… | |||
| CVE-2017-16931 | critical | 9.8 | 9.8 | 9y ago | parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. | |||
| CVE-2017-13701 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are sto… | |||
| CVE-2017-15088 | critical | 9.8 | 9.8 | 9y ago | plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause … | |||
| CVE-2017-8129 | critical | 9.8 | 9.8 | 9y ago | The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packe… | |||
| CVE-2017-8128 | critical | 9.8 | 9.8 | 9y ago | The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packe… | |||
| CVE-2017-8126 | critical | 9.8 | 9.8 | 9y ago | The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit… | |||
| CVE-2017-8124 | critical | 9.8 | 9.8 | 9y ago | The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit… | |||
| CVE-2017-8123 | critical | 9.8 | 9.8 | 9y ago | The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit… | |||
| CVE-2017-8122 | critical | 9.8 | 9.8 | 9y ago | The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit… | |||
| CVE-2017-8120 | critical | 9.8 | 9.8 | 9y ago | The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packe… | |||
| CVE-2017-8119 | critical | 9.8 | 9.8 | 9y ago | The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packe… | |||
| CVE-2017-8117 | critical | 9.8 | 9.8 | 9y ago | The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packe… | |||
| CVE-2017-2738 | critical | 9.8 | 9.8 | 9y ago | VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauth… | |||
| CVE-2017-13071 | critical | 9.8 | 9.8 | 9y ago | QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earli… | |||
| CVE-2017-8864 | critical | 9.8 | 9.8 | 9y ago | Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as dem… | |||
| CVE-2017-8862 | critical | 9.8 | 9.8 | 9y ago | The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "ro… | |||
| CVE-2017-8861 | critical | 9.8 | 9.8 | 9y ago | Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially craft… | |||
| CVE-2017-16926 | critical | 9.8 | 9.8 | 9y ago | Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) t… | |||
| CVE-2017-5719 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user. | |||
| CVE-2017-16920 | critical | 9.8 | 9.8 | 9y ago | v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via … | |||
| CVE-2017-16613 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieve… | |||
| CVE-2017-16840 | critical | 9.8 | 9.8 | 9y ago | The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related t… | |||
| CVE-2017-16903 | critical | 9.8 | 9.8 | 9y ago | LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, wit… | |||
| CVE-2017-16896 | critical | 9.8 | 9.8 | 9y ago | A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. | |||
| CVE-2017-11402 | critical | 9.8 | 9.8 | 9y ago | An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activat… | |||
| CVE-2017-11401 | critical | 9.8 | 9.8 | 9y ago | An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an a… | |||
| CVE-2017-16566 | critical | 9.8 | 9.8 | 9y ago | On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authenticatio… | |||
| CVE-2017-1000215 | critical | 9.8 | 9.8 | 9y ago | ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution |