| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2845 | Hig | 0.58 | 8.8 | 0.07 | Jun 29, 2017 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP… | ||
| CVE-2017-2844 | Hig | 0.57 | 8.8 | 0.03 | Jun 29, 2017 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an… | ||
| CVE-2017-3748 | Hig | 0.51 | 7.8 | 0.00 | Jun 29, 2017 | On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device). | ||
| CVE-2017-5528 | Hig | 0.57 | 8.8 | 0.01 | Jun 29, 2017 | Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. … | ||
| CVE-2017-8613 | Hig | 0.53 | 8.1 | 0.04 | Jun 29, 2017 | Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability." | ||
| CVE-2017-8579 | Hig | 0.46 | 7.0 | 0.01 | Jun 29, 2017 | The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability." | ||
| CVE-2017-8576 | Hig | 0.46 | 7.0 | 0.01 | Jun 29, 2017 | The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability." | ||
| CVE-2017-8558 | Hig | 0.57 | 7.8 | 0.44 | Jun 29, 2017 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703… | ||
| CVE-2017-10671 | Hig | 0.51 | 7.8 | 0.02 | Jun 29, 2017 | Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename. | ||
| CVE-2016-10042 | Hig | 0.49 | 7.5 | 0.01 | Jun 29, 2017 | Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure. | ||
| CVE-2017-7686 | Hig | 0.49 | 7.5 | 0.03 | Jun 28, 2017 | Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run)… | ||
| CVE-2017-9996 | Hig | 0.51 | 7.8 | 0.02 | Jun 28, 2017 | The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer… | ||
| CVE-2017-9995 | Hig | 0.51 | 7.8 | 0.02 | Jun 28, 2017 | libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | ||
| CVE-2017-9994 | Hig | 0.51 | 7.8 | 0.02 | Jun 28, 2017 | libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or… | ||
| CVE-2017-9993 | Hig | 0.50 | 7.5 | 0.16 | Jun 28, 2017 | FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. | ||
| CVE-2017-9992 | Hig | 0.57 | 8.8 | 0.03 | Jun 28, 2017 | Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have… | ||
| CVE-2017-9991 | Hig | 0.51 | 7.8 | 0.02 | Jun 28, 2017 | Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly… | ||
| CVE-2017-9990 | Hig | 0.57 | 8.8 | 0.03 | Jun 28, 2017 | Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | ||
| CVE-2017-9987 | Hig | 0.49 | 7.5 | 0.02 | Jun 28, 2017 | There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack. | ||
| CVE-2017-9986 | Hig | 0.51 | 7.8 | 0.00 | Jun 28, 2017 | The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of… | ||
| CVE-2017-9985 | Hig | 0.51 | 7.8 | 0.00 | Jun 28, 2017 | The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between… | ||
| CVE-2017-9984 | Hig | 0.51 | 7.8 | 0.00 | Jun 28, 2017 | The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two… | ||
| CVE-2017-9445 | Hig | 0.53 | 7.5 | 0.55 | Jun 28, 2017 | In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer… | ||
| CVE-2017-6086 | Hig | 0.60 | 8.8 | 0.02 | Jun 27, 2017 | Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin… | ||
| CVE-2017-2491 | Hig | 0.61 | 8.8 | 0.08 | Jun 27, 2017 | Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file. | ||
| CVE-2016-7062 | Hig | 0.51 | 7.8 | 0.00 | Jun 27, 2017 | rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. | ||
| CVE-2016-6342 | Hig | 0.49 | 7.5 | 0.01 | Jun 27, 2017 | elog 3.1.1 allows remote attackers to post data as any username in the logbook. | ||
| CVE-2016-5414 | Hig | 0.49 | 7.5 | 0.01 | Jun 27, 2017 | FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. | ||
| CVE-2016-4383 | Hig | 0.55 | 8.4 | 0.03 | Jun 27, 2017 | The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change. | ||
| CVE-2015-7781 | Hig | 0.49 | 7.5 | 0.07 | Jun 27, 2017 | ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. | ||
| CVE-2015-5378 | Hig | 0.49 | 7.5 | 0.02 | Jun 27, 2017 | Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. | ||
| CVE-2015-5180 | Hig | 0.49 | 7.5 | 0.06 | Jun 27, 2017 | res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). | ||
| CVE-2015-2245 | Hig | 0.49 | 7.5 | 0.01 | Jun 27, 2017 | Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). | ||
| CVE-2015-1795 | Hig | 0.51 | 7.8 | 0.00 | Jun 27, 2017 | Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. | ||
| CVE-2015-1591 | Hig | 0.51 | 7.8 | 0.00 | Jun 27, 2017 | The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges. | ||
| CVE-2014-8149 | Hig | 0.57 | 8.8 | 0.02 | Jun 27, 2017 | OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files. | ||
| CVE-2014-6354 | Hig | 0.50 | 7.5 | 0.13 | Jun 27, 2017 | Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 allows remote attackers to execute arbitrary code. | ||
| CVE-2012-5010 | Hig | 0.53 | 8.1 | 0.01 | Jun 27, 2017 | ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x… | ||
| CVE-2004-2778 | Hig | 0.46 | 7.1 | 0.00 | Jun 27, 2017 | Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected… | ||
| CVE-2017-9982 | Hig | 0.49 | 7.5 | 0.03 | Jun 27, 2017 | TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the ᗪ Unicode character followed by the ༿ Unicode character. | ||
| CVE-2017-1322 | Hig | 0.53 | 8.2 | 0.02 | Jun 27, 2017 | IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918. | ||
| CVE-2017-1297 | Hig | 0.51 | 7.3 | 0.01 | Jun 27, 2017 | IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159. | ||
| CVE-2017-1105 | Hig | 0.46 | 7.1 | 0.00 | Jun 27, 2017 | IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668. | ||
| CVE-2016-9738 | Hig | 0.49 | 7.5 | 0.02 | Jun 27, 2017 | IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. | ||
| CVE-2017-2843 | Hig | 0.57 | 8.8 | 0.03 | Jun 27, 2017 | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an… | ||
| CVE-2017-2842 | Hig | 0.57 | 8.8 | 0.03 | Jun 27, 2017 | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an… | ||
| CVE-2017-2841 | Hig | 0.58 | 8.8 | 0.06 | Jun 27, 2017 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file… | ||
| CVE-2017-7524 | Hig | 0.49 | 7.5 | 0.01 | Jun 27, 2017 | tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. | ||
| CVE-2017-7520 | Hig | 0.48 | 7.4 | 0.03 | Jun 27, 2017 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. | ||
| CVE-2017-7508 | Hig | 0.49 | 7.5 | 0.05 | Jun 27, 2017 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. |
- risk 0.58cvss 8.8epss 0.07
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP…
- risk 0.57cvss 8.8epss 0.03
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an…
- risk 0.51cvss 7.8epss 0.00
On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).
- risk 0.57cvss 8.8epss 0.01
Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. …
- risk 0.53cvss 8.1epss 0.04
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability."
- risk 0.46cvss 7.0epss 0.01
The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability."
- risk 0.46cvss 7.0epss 0.01
The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability."
- risk 0.57cvss 7.8epss 0.44
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703…
- risk 0.51cvss 7.8epss 0.02
Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename.
- risk 0.49cvss 7.5epss 0.01
Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure.
- risk 0.49cvss 7.5epss 0.03
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run)…
- risk 0.51cvss 7.8epss 0.02
The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer…
- risk 0.51cvss 7.8epss 0.02
libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
- risk 0.51cvss 7.8epss 0.02
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or…
- risk 0.50cvss 7.5epss 0.16
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.
- risk 0.57cvss 8.8epss 0.03
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have…
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly…
- risk 0.57cvss 8.8epss 0.03
Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
- risk 0.49cvss 7.5epss 0.02
There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack.
- risk 0.51cvss 7.8epss 0.00
The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of…
- risk 0.51cvss 7.8epss 0.00
The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between…
- risk 0.51cvss 7.8epss 0.00
The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two…
- risk 0.53cvss 7.5epss 0.55
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer…
- risk 0.60cvss 8.8epss 0.02
Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin…
- risk 0.61cvss 8.8epss 0.08
Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file.
- risk 0.51cvss 7.8epss 0.00
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
- risk 0.49cvss 7.5epss 0.01
elog 3.1.1 allows remote attackers to post data as any username in the logbook.
- risk 0.49cvss 7.5epss 0.01
FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services.
- risk 0.55cvss 8.4epss 0.03
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.
- risk 0.49cvss 7.5epss 0.07
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.
- risk 0.49cvss 7.5epss 0.02
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
- risk 0.49cvss 7.5epss 0.06
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
- risk 0.49cvss 7.5epss 0.01
Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash).
- risk 0.51cvss 7.8epss 0.00
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.
- risk 0.51cvss 7.8epss 0.00
The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.
- risk 0.57cvss 8.8epss 0.02
OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files.
- risk 0.50cvss 7.5epss 0.13
Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 allows remote attackers to execute arbitrary code.
- risk 0.53cvss 8.1epss 0.01
ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x…
- risk 0.46cvss 7.1epss 0.00
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected…
- risk 0.49cvss 7.5epss 0.03
TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the ᗪ Unicode character followed by the ༿ Unicode character.
- risk 0.53cvss 8.2epss 0.02
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918.
- risk 0.51cvss 7.3epss 0.01
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.
- risk 0.46cvss 7.1epss 0.00
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.
- risk 0.49cvss 7.5epss 0.02
IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783.
- risk 0.57cvss 8.8epss 0.03
In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an…
- risk 0.57cvss 8.8epss 0.03
In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an…
- risk 0.58cvss 8.8epss 0.06
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file…
- risk 0.49cvss 7.5epss 0.01
tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.
- risk 0.48cvss 7.4epss 0.03
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
- risk 0.49cvss 7.5epss 0.05
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.