| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17801 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2017 | In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E060. | ||
| CVE-2017-17800 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2017 | In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17798. | ||
| CVE-2017-17799 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2017 | In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82730068. | ||
| CVE-2017-17798 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2017 | In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17800. | ||
| CVE-2017-17797 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2017 | In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000058. | ||
| CVE-2017-17796 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2017 | In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4. | ||
| CVE-2017-17795 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2017 | In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088. | ||
| CVE-2017-17793 | Hig | 0.49 | 7.5 | 0.02 | Dec 20, 2017 | Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an… | ||
| CVE-2017-17789 | Hig | 0.51 | 7.8 | 0.02 | Dec 20, 2017 | In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. | ||
| CVE-2017-17787 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2017 | In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. | ||
| CVE-2017-17786 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2017 | In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. | ||
| CVE-2017-17785 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2017 | In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. | ||
| CVE-2017-17784 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2017 | In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. | ||
| CVE-2017-17783 | Hig | 0.49 | 7.5 | 0.02 | Dec 20, 2017 | In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. | ||
| CVE-2017-17782 | Hig | 0.57 | 8.8 | 0.02 | Dec 20, 2017 | In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. | ||
| CVE-2017-17774 | Hig | 0.57 | 8.8 | 0.01 | Dec 20, 2017 | admin/configuration.php in Piwigo 2.9.2 has CSRF. | ||
| CVE-2017-17763 | Hig | 0.49 | 7.5 | 0.01 | Dec 19, 2017 | SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection. | ||
| CVE-2017-17088 | Hig | 0.52 | 7.5 | 0.07 | Dec 19, 2017 | The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a… | ||
| CVE-2017-15049 | Hig | 0.62 | 8.8 | 0.17 | Dec 19, 2017 | The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | ||
| CVE-2017-15048 | Hig | 0.61 | 8.8 | 0.10 | Dec 19, 2017 | Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | ||
| CVE-2017-17758 | Hig | 0.57 | 8.8 | 0.03 | Dec 19, 2017 | TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua… | ||
| CVE-2017-17757 | Hig | 0.57 | 8.8 | 0.03 | Dec 19, 2017 | TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua… | ||
| CVE-2017-15876 | Hig | 0.47 | 7.2 | 0.02 | Dec 19, 2017 | Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell. | ||
| CVE-2017-11562 | Hig | 0.57 | 8.8 | 0.01 | Dec 19, 2017 | A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php. | ||
| CVE-2017-15700 | Hig | 0.57 | 8.8 | 0.02 | Dec 18, 2017 | A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials. | ||
| CVE-2017-15104 | Hig | 0.44 | 7.8 | 0.00 | Dec 18, 2017 | An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file. | ||
| CVE-2017-15103 | Hig | 0.51 | 8.8 | 0.06 | Dec 18, 2017 | A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege… | ||
| CVE-2017-17740 | Hig | 0.49 | 7.5 | 0.07 | Dec 18, 2017 | contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN… | ||
| CVE-2017-17738 | Hig | 0.52 | 7.5 | 0.06 | Dec 18, 2017 | The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. | ||
| CVE-2017-17727 | Hig | 0.57 | 8.8 | 0.01 | Dec 18, 2017 | DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | ||
| CVE-2017-16997 | Hig | 0.51 | 7.8 | 0.03 | Dec 18, 2017 | elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory,… | ||
| CVE-2017-17715 | Hig | 0.57 | 8.8 | 0.02 | Dec 16, 2017 | The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. | ||
| CVE-2017-3196 | Hig | 0.51 | 7.8 | 0.01 | Dec 16, 2017 | PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with… | ||
| CVE-2017-3194 | Hig | 0.53 | 8.1 | 0.01 | Dec 16, 2017 | Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | ||
| CVE-2017-3193 | Hig | 0.58 | 8.8 | 0.06 | Dec 16, 2017 | Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | ||
| CVE-2017-3190 | Hig | 0.49 | 7.5 | 0.00 | Dec 16, 2017 | Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | ||
| CVE-2017-14092 | Hig | 0.57 | 8.8 | 0.01 | Dec 16, 2017 | The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | ||
| CVE-2017-14091 | Hig | 0.49 | 7.5 | 0.01 | Dec 16, 2017 | A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. | ||
| CVE-2017-11397 | Hig | 0.51 | 7.8 | 0.02 | Dec 16, 2017 | A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. | ||
| CVE-2017-17712 | Hig | 0.46 | 7.0 | 0.00 | Dec 16, 2017 | The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges. | ||
| CVE-2017-14184 | Hig | 0.57 | 8.8 | 0.02 | Dec 15, 2017 | An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication… | ||
| CVE-2017-16788 | Hig | 0.47 | 7.2 | 0.04 | Dec 15, 2017 | Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root… | ||
| CVE-2017-16776 | Hig | 0.53 | 8.1 | 0.01 | Dec 15, 2017 | Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit… | ||
| CVE-2017-17697 | Hig | 0.56 | 8.6 | 0.01 | Dec 15, 2017 | The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | ||
| CVE-2017-17695 | Hig | 0.57 | 8.8 | 0.01 | Dec 15, 2017 | Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | ||
| CVE-2017-17670 | Hig | 0.57 | 8.8 | 0.02 | Dec 15, 2017 | In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation. | ||
| CVE-2017-17405 | Hig | 0.66 | 8.8 | 0.74 | Dec 15, 2017 | Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is… | ||
| CVE-2017-5264 | Hig | 0.60 | 8.8 | 0.03 | Dec 14, 2017 | Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack. | ||
| CVE-2016-10703 | Hig | 0.42 | 7.5 | 0.03 | Dec 14, 2017 | A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string. | ||
| CVE-2017-7344 | Hig | 0.53 | 8.1 | 0.02 | Dec 14, 2017 | A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain. |
- risk 0.51cvss 7.8epss 0.00
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E060.
- risk 0.51cvss 7.8epss 0.00
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17798.
- risk 0.51cvss 7.8epss 0.00
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82730068.
- risk 0.51cvss 7.8epss 0.00
In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17800.
- risk 0.51cvss 7.8epss 0.00
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000058.
- risk 0.51cvss 7.8epss 0.00
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4.
- risk 0.51cvss 7.8epss 0.00
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088.
- risk 0.49cvss 7.5epss 0.02
Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an…
- risk 0.51cvss 7.8epss 0.02
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
- risk 0.51cvss 7.8epss 0.01
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
- risk 0.51cvss 7.8epss 0.01
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
- risk 0.51cvss 7.8epss 0.01
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
- risk 0.51cvss 7.8epss 0.01
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
- risk 0.49cvss 7.5epss 0.02
In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.
- risk 0.57cvss 8.8epss 0.02
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
- risk 0.57cvss 8.8epss 0.01
admin/configuration.php in Piwigo 2.9.2 has CSRF.
- risk 0.49cvss 7.5epss 0.01
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection.
- risk 0.52cvss 7.5epss 0.07
The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a…
- risk 0.62cvss 8.8epss 0.17
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.
- risk 0.61cvss 8.8epss 0.10
Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.
- risk 0.57cvss 8.8epss 0.03
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua…
- risk 0.57cvss 8.8epss 0.03
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua…
- risk 0.47cvss 7.2epss 0.02
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.
- risk 0.57cvss 8.8epss 0.01
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php.
- risk 0.57cvss 8.8epss 0.02
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.
- risk 0.44cvss 7.8epss 0.00
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
- risk 0.51cvss 8.8epss 0.06
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege…
- risk 0.49cvss 7.5epss 0.07
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN…
- risk 0.52cvss 7.5epss 0.06
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.
- risk 0.57cvss 8.8epss 0.01
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.
- risk 0.51cvss 7.8epss 0.03
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory,…
- risk 0.57cvss 8.8epss 0.02
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.
- risk 0.51cvss 7.8epss 0.01
PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with…
- risk 0.53cvss 8.1epss 0.01
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
- risk 0.58cvss 8.8epss 0.06
Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.
- risk 0.49cvss 7.5epss 0.00
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
- risk 0.57cvss 8.8epss 0.01
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
- risk 0.49cvss 7.5epss 0.01
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.
- risk 0.51cvss 7.8epss 0.02
A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.
- risk 0.46cvss 7.0epss 0.00
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
- risk 0.57cvss 8.8epss 0.02
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication…
- risk 0.47cvss 7.2epss 0.04
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root…
- risk 0.53cvss 8.1epss 0.01
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit…
- risk 0.56cvss 8.6epss 0.01
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.
- risk 0.57cvss 8.8epss 0.01
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.
- risk 0.57cvss 8.8epss 0.02
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.
- risk 0.66cvss 8.8epss 0.74
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is…
- risk 0.60cvss 8.8epss 0.03
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
- risk 0.42cvss 7.5epss 0.03
A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.
- risk 0.53cvss 8.1epss 0.02
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain.