| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17582 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter. | ||
| CVE-2017-17581 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. | ||
| CVE-2017-17580 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. | ||
| CVE-2017-17579 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter. | ||
| CVE-2017-17578 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. | ||
| CVE-2017-17577 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. | ||
| CVE-2017-17576 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. | ||
| CVE-2017-17575 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. | ||
| CVE-2017-17574 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter. | ||
| CVE-2017-17573 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. | ||
| CVE-2017-17572 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. | ||
| CVE-2017-17571 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter. | ||
| CVE-2017-17570 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter. | ||
| CVE-2017-11899 | Cri | 0.64 | 9.8 | 0.06 | Dec 12, 2017 | Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability". | ||
| CVE-2017-17560 | Cri | 0.73 | 9.8 | 0.73 | Dec 12, 2017 | An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on… | ||
| CVE-2017-16684 | Cri | 0.64 | 9.8 | 0.03 | Dec 12, 2017 | SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | ||
| CVE-2017-15896 | Cri | 0.59 | 9.1 | 0.02 | Dec 11, 2017 | Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS… | ||
| CVE-2017-17111 | Cri | 0.67 | 9.8 | 0.09 | Dec 11, 2017 | Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request. | ||
| CVE-2017-17110 | Cri | 0.67 | 9.8 | 0.09 | Dec 11, 2017 | Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. | ||
| CVE-2017-15944 | Cri | 0.87 | 9.8 | 0.98 | KEV | Dec 11, 2017 | Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. | |
| CVE-2017-15940 | Cri | 0.64 | 9.8 | 0.05 | Dec 11, 2017 | The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors. | ||
| CVE-2017-15708 | Cri | 0.65 | 9.8 | 0.18 | Dec 11, 2017 | In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially… | ||
| CVE-2017-17499 | Cri | 0.64 | 9.8 | 0.03 | Dec 11, 2017 | ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. | ||
| CVE-2017-17484 | Cri | 0.64 | 9.8 | 0.05 | Dec 10, 2017 | The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and… | ||
| CVE-2017-3114 | Cri | 0.64 | 9.8 | 0.06 | Dec 9, 2017 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific… | ||
| CVE-2017-3112 | Cri | 0.64 | 9.8 | 0.06 | Dec 9, 2017 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range)… | ||
| CVE-2017-16398 | Cri | 0.64 | 9.8 | 0.09 | Dec 9, 2017 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the… | ||
| CVE-2017-11304 | Cri | 0.64 | 9.8 | 0.07 | Dec 9, 2017 | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2017-11303 | Cri | 0.64 | 9.8 | 0.08 | Dec 9, 2017 | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2017-11302 | Cri | 0.64 | 9.8 | 0.06 | Dec 9, 2017 | An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2017-11295 | Cri | 0.64 | 9.8 | 0.06 | Dec 9, 2017 | An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2017-11294 | Cri | 0.64 | 9.8 | 0.09 | Dec 9, 2017 | An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2017-11293 | Cri | 0.64 | 9.8 | 0.09 | Dec 9, 2017 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation… | ||
| CVE-2017-11291 | Cri | 0.65 | 10.0 | 0.06 | Dec 9, 2017 | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls. | ||
| CVE-2017-11225 | Cri | 0.64 | 9.8 | 0.06 | Dec 9, 2017 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended… | ||
| CVE-2017-11215 | Cri | 0.64 | 9.8 | 0.06 | Dec 9, 2017 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access --… | ||
| CVE-2017-11213 | Cri | 0.64 | 9.8 | 0.07 | Dec 9, 2017 | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an… | ||
| CVE-2017-17480 | Cri | 0.64 | 9.8 | 0.05 | Dec 8, 2017 | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | ||
| CVE-2017-17479 | Cri | 0.64 | 9.8 | 0.04 | Dec 8, 2017 | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | ||
| CVE-2017-10906 | Cri | 0.64 | 9.8 | 0.05 | Dec 8, 2017 | Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors. | ||
| CVE-2017-17465 | Cri | 0.64 | 9.8 | 0.01 | Dec 8, 2017 | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request. | ||
| CVE-2017-17464 | Cri | 0.64 | 9.8 | 0.01 | Dec 8, 2017 | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request. | ||
| CVE-2017-17458 | Cri | 0.64 | 9.8 | 0.06 | Dec 7, 2017 | In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories,… | ||
| CVE-2017-17430 | Cri | 0.64 | 9.8 | 0.02 | Dec 7, 2017 | Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. | ||
| CVE-2017-17055 | Cri | 0.62 | 9.0 | 0.09 | Dec 7, 2017 | Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php. | ||
| CVE-2016-5713 | Cri | 0.64 | 9.8 | 0.02 | Dec 6, 2017 | Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0. | ||
| CVE-2017-13160 | Cri | 0.64 | 9.8 | 0.02 | Dec 6, 2017 | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362. | ||
| CVE-2017-13150 | Cri | 0.59 | 9.1 | 0.00 | Dec 6, 2017 | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132. | ||
| CVE-2017-13149 | Cri | 0.59 | 9.1 | 0.00 | Dec 6, 2017 | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872. | ||
| CVE-2017-0879 | Cri | 0.59 | 9.1 | 0.01 | Dec 6, 2017 | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028. |
- risk 0.67cvss 9.8epss 0.03
FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
- risk 0.67cvss 9.8epss 0.03
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
- risk 0.67cvss 9.8epss 0.03
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
- risk 0.67cvss 9.8epss 0.03
FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.
- risk 0.67cvss 9.8epss 0.03
FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.
- risk 0.67cvss 9.8epss 0.03
FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.
- risk 0.67cvss 9.8epss 0.03
FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.
- risk 0.67cvss 9.8epss 0.03
FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.
- risk 0.67cvss 9.8epss 0.03
FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.
- risk 0.67cvss 9.8epss 0.03
FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.
- risk 0.67cvss 9.8epss 0.03
FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
- risk 0.67cvss 9.8epss 0.03
FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.
- risk 0.67cvss 9.8epss 0.03
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.
- risk 0.64cvss 9.8epss 0.06
Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".
- risk 0.73cvss 9.8epss 0.73
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on…
- risk 0.64cvss 9.8epss 0.03
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
- risk 0.59cvss 9.1epss 0.02
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS…
- risk 0.67cvss 9.8epss 0.09
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
- risk 0.67cvss 9.8epss 0.09
Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.
- risk 0.87cvss 9.8epss 0.98
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
- risk 0.64cvss 9.8epss 0.05
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors.
- risk 0.65cvss 9.8epss 0.18
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially…
- risk 0.64cvss 9.8epss 0.03
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
- risk 0.64cvss 9.8epss 0.05
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and…
- risk 0.64cvss 9.8epss 0.06
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific…
- risk 0.64cvss 9.8epss 0.06
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range)…
- risk 0.64cvss 9.8epss 0.09
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the…
- risk 0.64cvss 9.8epss 0.07
An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.08
An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.06
An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.06
An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.09
An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.09
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation…
- risk 0.65cvss 10.0epss 0.06
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
- risk 0.64cvss 9.8epss 0.06
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended…
- risk 0.64cvss 9.8epss 0.06
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access --…
- risk 0.64cvss 9.8epss 0.07
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an…
- risk 0.64cvss 9.8epss 0.05
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
- risk 0.64cvss 9.8epss 0.04
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
- risk 0.64cvss 9.8epss 0.05
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
- risk 0.64cvss 9.8epss 0.01
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request.
- risk 0.64cvss 9.8epss 0.01
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request.
- risk 0.64cvss 9.8epss 0.06
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories,…
- risk 0.64cvss 9.8epss 0.02
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.
- risk 0.62cvss 9.0epss 0.09
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.
- risk 0.64cvss 9.8epss 0.02
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
- risk 0.64cvss 9.8epss 0.02
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362.
- risk 0.59cvss 9.1epss 0.00
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132.
- risk 0.59cvss 9.1epss 0.00
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872.
- risk 0.59cvss 9.1epss 0.01
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028.