| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10308 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 30, 2017 | Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded… |
| CVE-2016-10307 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 30, 2017 | Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via… |
| CVE-2016-10306 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 30, 2017 | Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. |
| CVE-2016-10305 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 30, 2017 | Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once… |
| CVE-2017-5226 | | Cri | 0.65 | 10.0 | 0.03 | | Mar 29, 2017 | When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox. |
| CVE-2014-3582 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 29, 2017 | In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. |
| CVE-2016-9924 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 29, 2017 | Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. |
| CVE-2016-6807 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 28, 2017 | Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user… |
| CVE-2016-8749 | | Cri | 0.58 | 9.8 | 0.11 | | Mar 28, 2017 | Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. |
| CVE-2014-6440 | | Cri | 0.64 | 9.8 | 0.05 | | Mar 28, 2017 | VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. |
| CVE-2016-10152 | | Cri | 0.57 | 9.8 | 0.07 | | Mar 28, 2017 | The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache. |
| CVE-2016-9470 | | Cri | 0.59 | 9.0 | 0.02 | | Mar 28, 2017 | Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually… |
| CVE-2016-9125 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for… |
| CVE-2016-9124 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to… |
| CVE-2016-9121 | | Cri | 0.52 | 9.1 | 0.01 | | Mar 28, 2017 | go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the… |
| CVE-2017-7191 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 27, 2017 | The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. |
| CVE-2017-6542 | | Cri | 0.68 | 9.8 | 0.22 | | Mar 27, 2017 | The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which… |
| CVE-2017-7269 | | Cri | 0.80 | 9.8 | 1.00 | KEV | Mar 27, 2017 | Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as… |
| CVE-2017-6013 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 27, 2017 | Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. |
| CVE-2017-2641 | | Cri | 0.68 | 9.8 | 0.15 | | Mar 26, 2017 | In Moodle 2.x and 3.x, SQL injection can occur via user preferences. |
| CVE-2017-5511 | | Cri | 0.64 | 9.8 | 0.05 | | Mar 24, 2017 | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. |
| CVE-2017-5337 | | Cri | 0.64 | 9.8 | 0.06 | | Mar 24, 2017 | Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
| CVE-2017-5336 | | Cri | 0.64 | 9.8 | 0.07 | | Mar 24, 2017 | Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
| CVE-2017-5334 | | Cri | 0.66 | 9.8 | 0.33 | | Mar 24, 2017 | Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. |
| CVE-2016-6206 | | Cri | 0.64 | 9.8 | 0.04 | | Mar 24, 2017 | Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet. |
| CVE-2016-10145 | | Cri | 0.57 | 9.8 | 0.05 | | Mar 24, 2017 | Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. |
| CVE-2016-10144 | | Cri | 0.57 | 9.8 | 0.05 | | Mar 24, 2017 | coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. |
| CVE-2016-10133 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 24, 2017 | Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions. |
| CVE-2016-10128 | | Cri | 0.57 | 9.8 | 0.04 | | Mar 24, 2017 | Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet. |
| CVE-2015-8556 | | Cri | 0.69 | 10.0 | 0.13 | | Mar 24, 2017 | Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. |
| CVE-2017-6950 | | Cri | 0.64 | 9.8 | 0.04 | | Mar 23, 2017 | SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. |
| CVE-2017-6895 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 23, 2017 | USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. |
| CVE-2017-6517 | | Cri | 0.67 | 9.8 | 0.46 | | Mar 23, 2017 | Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the… |
| CVE-2015-8626 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 23, 2017 | The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack. |
| CVE-2015-5729 | | Cri | 0.64 | 9.8 | 0.05 | | Mar 23, 2017 | The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack. |
| CVE-2015-4166 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 23, 2017 | Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key. |
| CVE-2015-0855 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 23, 2017 | The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. |
| CVE-2014-8731 | | Cri | 0.65 | 9.8 | 0.12 | | Mar 23, 2017 | PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot. |
| CVE-2014-7279 | | Cri | 0.68 | 9.8 | 0.12 | | Mar 23, 2017 | The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. |
| CVE-2017-6361 | | Cri | 0.71 | 9.8 | 0.57 | | Mar 23, 2017 | QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2017-6360 | | Cri | 0.72 | 9.8 | 0.66 | | Mar 23, 2017 | QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. |
| CVE-2017-6359 | | Cri | 0.69 | 9.8 | 0.27 | | Mar 23, 2017 | QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors. |
| CVE-2017-5897 | | Cri | 0.64 | 9.8 | 0.05 | | Mar 23, 2017 | The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. |
| CVE-2017-5538 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 23, 2017 | The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka… |
| CVE-2017-5206 | | Cri | 0.59 | 9.0 | 0.02 | | Mar 23, 2017 | Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. |
| CVE-2016-5757 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 23, 2017 | iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials. |
| CVE-2017-6972 | | Cri | 0.68 | 9.8 | 0.15 | | Mar 22, 2017 | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971. |
| CVE-2017-3853 | | Cri | 0.64 | 9.8 | 0.09 | | Mar 22, 2017 | A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an… |
| CVE-2017-7230 | | Cri | 0.68 | 9.8 | 0.14 | | Mar 22, 2017 | A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request. |
| CVE-2017-7226 | | Cri | 0.59 | 9.1 | 0.02 | | Mar 22, 2017 | The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several… |