| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5171 | Cri | 0.57 | 9.8 | 0.01 | Oct 24, 2017 | The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions. | ||
| CVE-2014-1203 | Cri | 0.65 | 9.8 | 0.16 | Oct 24, 2017 | The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php. | ||
| CVE-2017-15081 | Cri | 0.67 | 9.8 | 0.02 | Oct 24, 2017 | In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. | ||
| CVE-2014-3741 | Cri | 0.57 | 9.8 | 0.04 | Oct 23, 2017 | The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command. | ||
| CVE-2012-4570 | Cri | 0.64 | 9.8 | 0.02 | Oct 23, 2017 | SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2017-15580 | Cri | 0.68 | 9.8 | 0.16 | Oct 23, 2017 | osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a… | ||
| CVE-2017-15381 | Cri | 0.64 | 9.8 | 0.01 | Oct 23, 2017 | SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script). | ||
| CVE-2017-15379 | Cri | 0.64 | 9.8 | 0.03 | Oct 23, 2017 | An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. | ||
| CVE-2017-12796 | Cri | 0.64 | 9.8 | 0.04 | Oct 23, 2017 | The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute… | ||
| CVE-2017-7130 | Cri | 0.64 | 9.8 | 0.02 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a… | ||
| CVE-2017-7129 | Cri | 0.64 | 9.8 | 0.02 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a… | ||
| CVE-2017-7128 | Cri | 0.64 | 9.8 | 0.02 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a… | ||
| CVE-2017-7126 | Cri | 0.64 | 9.8 | 0.03 | Oct 23, 2017 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2017-7125 | Cri | 0.64 | 9.8 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2017-7124 | Cri | 0.64 | 9.8 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2017-7123 | Cri | 0.64 | 9.8 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2017-7122 | Cri | 0.64 | 9.8 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2017-7121 | Cri | 0.64 | 9.8 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2017-7112 | Cri | 0.64 | 9.8 | 0.04 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial… | ||
| CVE-2017-7110 | Cri | 0.64 | 9.8 | 0.04 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial… | ||
| CVE-2017-7108 | Cri | 0.64 | 9.8 | 0.04 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial… | ||
| CVE-2017-7105 | Cri | 0.64 | 9.8 | 0.04 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial… | ||
| CVE-2017-7103 | Cri | 0.64 | 9.8 | 0.03 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial… | ||
| CVE-2017-15804 | Cri | 0.64 | 9.8 | 0.03 | Oct 22, 2017 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. | ||
| CVE-2011-1935 | Cri | 0.64 | 9.8 | 0.04 | Oct 20, 2017 | pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets. | ||
| CVE-2017-15670 | Cri | 0.64 | 9.8 | 0.03 | Oct 20, 2017 | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. | ||
| CVE-2017-6165 | Cri | 0.64 | 9.8 | 0.02 | Oct 20, 2017 | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration… | ||
| CVE-2017-5636 | Cri | 0.64 | 9.8 | 0.04 | Oct 19, 2017 | In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to… | ||
| CVE-2017-10405 | Cri | 0.65 | 10.0 | 0.02 | Oct 19, 2017 | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via… | ||
| CVE-2017-10404 | Cri | 0.64 | 9.9 | 0.01 | Oct 19, 2017 | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via… | ||
| CVE-2017-10402 | Cri | 0.65 | 10.0 | 0.02 | Oct 19, 2017 | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via… | ||
| CVE-2017-10396 | Cri | 0.64 | 9.9 | 0.01 | Oct 19, 2017 | Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AffairWhere). Supported versions that are affected are 2.2.5.0, 2.2.6.0 and 2.2.7.0. Easily exploitable vulnerability allows low privileged attacker with logon… | ||
| CVE-2017-10366 | Cri | 0.70 | 9.8 | 0.43 | Oct 19, 2017 | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network… | ||
| CVE-2017-10352 | Cri | 0.65 | 9.9 | 0.06 | Oct 19, 2017 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated… | ||
| CVE-2017-10346 | Cri | 0.63 | 9.6 | 0.03 | Oct 19, 2017 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network… | ||
| CVE-2017-10330 | Cri | 0.59 | 9.1 | 0.03 | Oct 19, 2017 | Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Gantt Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with… | ||
| CVE-2017-10329 | Cri | 0.59 | 9.1 | 0.03 | Oct 19, 2017 | Vulnerability in the Oracle Global Order Promising component of Oracle E-Business Suite (subcomponent: Reschedule Sales Orders). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows… | ||
| CVE-2017-10285 | Cri | 0.63 | 9.6 | 0.03 | Oct 19, 2017 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network… | ||
| CVE-2017-12251 | Cri | 0.65 | 9.9 | 0.02 | Oct 19, 2017 | A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vulnerability is due to… | ||
| CVE-2015-5740 | Cri | 0.57 | 9.8 | 0.04 | Oct 18, 2017 | The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. | ||
| CVE-2015-5739 | Cri | 0.57 | 9.8 | 0.10 | Oct 18, 2017 | The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." | ||
| CVE-2015-5376 | Cri | 0.64 | 9.8 | 0.01 | Oct 18, 2017 | SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field. | ||
| CVE-2017-14322 | Cri | 0.70 | 9.8 | 0.37 | Oct 18, 2017 | The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value. | ||
| CVE-2017-15579 | Cri | 0.67 | 9.8 | 0.01 | Oct 18, 2017 | In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. | ||
| CVE-2017-13999 | Cri | 0.64 | 9.8 | 0.03 | Oct 17, 2017 | A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; the attacker may then be… | ||
| CVE-2017-15539 | Cri | 0.64 | 9.8 | 0.01 | Oct 17, 2017 | SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. | ||
| CVE-2017-3761 | Cri | 0.64 | 9.8 | 0.04 | Oct 17, 2017 | The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution. | ||
| CVE-2017-3758 | Cri | 0.64 | 9.8 | 0.03 | Oct 17, 2017 | Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution. | ||
| CVE-2017-8805 | Cri | 0.59 | 9.1 | 0.03 | Oct 17, 2017 | Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror. | ||
| CVE-2015-7806 | Cri | 0.57 | 9.8 | 0.06 | Oct 17, 2017 | Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors. |
- risk 0.57cvss 9.8epss 0.01
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
- risk 0.65cvss 9.8epss 0.16
The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php.
- risk 0.67cvss 9.8epss 0.02
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
- risk 0.57cvss 9.8epss 0.04
The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command.
- risk 0.64cvss 9.8epss 0.02
SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.68cvss 9.8epss 0.16
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a…
- risk 0.64cvss 9.8epss 0.01
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).
- risk 0.64cvss 9.8epss 0.03
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.
- risk 0.64cvss 9.8epss 0.04
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a…
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial…
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial…
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial…
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial…
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial…
- risk 0.64cvss 9.8epss 0.03
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
- risk 0.64cvss 9.8epss 0.04
pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.
- risk 0.64cvss 9.8epss 0.03
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
- risk 0.64cvss 9.8epss 0.02
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration…
- risk 0.64cvss 9.8epss 0.04
In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to…
- risk 0.65cvss 10.0epss 0.02
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…
- risk 0.64cvss 9.9epss 0.01
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via…
- risk 0.65cvss 10.0epss 0.02
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…
- risk 0.64cvss 9.9epss 0.01
Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AffairWhere). Supported versions that are affected are 2.2.5.0, 2.2.6.0 and 2.2.7.0. Easily exploitable vulnerability allows low privileged attacker with logon…
- risk 0.70cvss 9.8epss 0.43
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network…
- risk 0.65cvss 9.9epss 0.06
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated…
- risk 0.63cvss 9.6epss 0.03
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network…
- risk 0.59cvss 9.1epss 0.03
Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Gantt Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with…
- risk 0.59cvss 9.1epss 0.03
Vulnerability in the Oracle Global Order Promising component of Oracle E-Business Suite (subcomponent: Reschedule Sales Orders). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows…
- risk 0.63cvss 9.6epss 0.03
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network…
- risk 0.65cvss 9.9epss 0.02
A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vulnerability is due to…
- risk 0.57cvss 9.8epss 0.04
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
- risk 0.57cvss 9.8epss 0.10
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field.
- risk 0.70cvss 9.8epss 0.37
The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.
- risk 0.67cvss 9.8epss 0.01
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
- risk 0.64cvss 9.8epss 0.03
A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; the attacker may then be…
- risk 0.64cvss 9.8epss 0.01
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.
- risk 0.64cvss 9.8epss 0.04
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.
- risk 0.64cvss 9.8epss 0.03
Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution.
- risk 0.59cvss 9.1epss 0.03
Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.
- risk 0.57cvss 9.8epss 0.06
Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors.