| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000042 | Cri | 0.64 | 9.8 | 0.04 | Feb 9, 2018 | Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be… | ||
| CVE-2018-1000034 | Cri | 0.59 | 9.1 | 0.01 | Feb 9, 2018 | An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. | ||
| CVE-2018-1000033 | Cri | 0.59 | 9.1 | 0.02 | Feb 9, 2018 | An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. | ||
| CVE-2018-3601 | Cri | 0.64 | 9.8 | 0.04 | Feb 9, 2018 | A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. | ||
| CVE-2018-6825 | Cri | 0.64 | 9.8 | 0.02 | Feb 9, 2018 | An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access. | ||
| CVE-2018-6871 | Cri | 0.62 | 9.8 | 0.23 | Feb 9, 2018 | LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. | ||
| CVE-2018-6789 | Cri | 0.84 | 9.8 | 0.82 | KEV | Feb 8, 2018 | An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. | |
| CVE-2018-6180 | — | Cri | 0.67 | 9.8 | 0.04 | Feb 8, 2018 | A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts. | |
| CVE-2012-2166 | Cri | 0.64 | 9.8 | 0.03 | Feb 8, 2018 | IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041. | ||
| CVE-2011-4889 | Cri | 0.64 | 9.8 | 0.03 | Feb 8, 2018 | The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server,… | ||
| CVE-2018-1163 | Cri | 0.65 | 9.8 | 0.16 | Feb 8, 2018 | This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass… | ||
| CVE-2018-1161 | Cri | 0.69 | 9.8 | 0.67 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of… | ||
| CVE-2017-17659 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobHistory Get method requests.… | ||
| CVE-2017-17658 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobDefinitions Get method… | ||
| CVE-2017-17657 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method… | ||
| CVE-2017-17656 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method requests.… | ||
| CVE-2017-17655 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup PluginList method… | ||
| CVE-2017-17654 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup ClientList method… | ||
| CVE-2017-17653 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method… | ||
| CVE-2017-17652 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests.… | ||
| CVE-2017-17425 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSourceDeviceSet Get method… | ||
| CVE-2017-17424 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests.… | ||
| CVE-2017-17423 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method… | ||
| CVE-2017-17422 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The… | ||
| CVE-2017-17421 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get method… | ||
| CVE-2017-17420 | Cri | 0.68 | 9.8 | 0.49 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get method… | ||
| CVE-2017-17419 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method… | ||
| CVE-2017-17418 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The… | ||
| CVE-2017-17417 | Cri | 0.68 | 9.8 | 0.10 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method… | ||
| CVE-2017-17416 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method… | ||
| CVE-2017-17415 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Count method… | ||
| CVE-2017-17414 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests.… | ||
| CVE-2017-17413 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTargetSet Get method… | ||
| CVE-2017-17412 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method requests. The issue… | ||
| CVE-2018-0514 | Cri | 0.64 | 9.8 | 0.02 | Feb 8, 2018 | MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2018-6836 | Cri | 0.64 | 9.8 | 0.03 | Feb 8, 2018 | The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2018-6835 | — | Cri | 0.57 | 9.8 | 0.02 | Feb 8, 2018 | node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions. | |
| CVE-2018-0127 | Cri | 0.70 | 9.8 | 0.78 | Feb 8, 2018 | A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of… | ||
| CVE-2018-0125 | Cri | 0.80 | 9.8 | 0.55 | KEV | Feb 8, 2018 | A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root… | |
| CVE-2017-12472 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2018 | ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc. | ||
| CVE-2017-12471 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2018 | The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function. | ||
| CVE-2017-12470 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2018 | Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables. | ||
| CVE-2017-12469 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2018 | Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation. | ||
| CVE-2017-12468 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2018 | Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the vallen and len variables. | ||
| CVE-2017-12466 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2018 | CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access. | ||
| CVE-2017-12465 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2018 | Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function. | ||
| CVE-2018-6823 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2018 | In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root. | ||
| CVE-2018-6822 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2018 | In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root. | ||
| CVE-2018-4877 | Cri | 0.64 | 9.8 | 0.09 | Feb 6, 2018 | A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution. | ||
| CVE-2018-6758 | Cri | 0.00 | 9.8 | 0.02 | Feb 6, 2018 | The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length. |
- risk 0.64cvss 9.8epss 0.04
Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be…
- risk 0.59cvss 9.1epss 0.01
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.
- risk 0.59cvss 9.1epss 0.02
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.
- risk 0.64cvss 9.8epss 0.04
A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access.
- risk 0.62cvss 9.8epss 0.23
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
- risk 0.84cvss 9.8epss 0.82
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
- risk 0.67cvss 9.8epss 0.04
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.
- risk 0.64cvss 9.8epss 0.03
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.
- risk 0.64cvss 9.8epss 0.03
The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server,…
- risk 0.65cvss 9.8epss 0.16
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass…
- risk 0.69cvss 9.8epss 0.67
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobHistory Get method requests.…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobDefinitions Get method…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method requests.…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup PluginList method…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup ClientList method…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests.…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSourceDeviceSet Get method…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests.…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get method…
- risk 0.68cvss 9.8epss 0.49
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get method…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The…
- risk 0.68cvss 9.8epss 0.10
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Count method…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests.…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTargetSet Get method…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method requests. The issue…
- risk 0.64cvss 9.8epss 0.02
MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.03
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
- risk 0.57cvss 9.8epss 0.02
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions.
- risk 0.70cvss 9.8epss 0.78
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of…
- risk 0.80cvss 9.8epss 0.55
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root…
- risk 0.64cvss 9.8epss 0.02
ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc.
- risk 0.64cvss 9.8epss 0.02
The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function.
- risk 0.64cvss 9.8epss 0.02
Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables.
- risk 0.64cvss 9.8epss 0.02
Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation.
- risk 0.64cvss 9.8epss 0.02
Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the vallen and len variables.
- risk 0.64cvss 9.8epss 0.02
CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access.
- risk 0.64cvss 9.8epss 0.02
Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function.
- risk 0.64cvss 9.8epss 0.02
In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.
- risk 0.64cvss 9.8epss 0.02
In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.
- risk 0.64cvss 9.8epss 0.09
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.
- risk 0.00cvss 9.8epss 0.02
The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.