| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9458 | Cri | 0.64 | 9.8 | 0.02 | Sep 7, 2017 | XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a… | ||
| CVE-2017-13771 | Cri | 0.64 | 9.8 | 0.03 | Sep 7, 2017 | Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2)… | ||
| CVE-2016-10405 | Cri | 0.64 | 9.8 | 0.02 | Sep 7, 2017 | Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors. | ||
| CVE-2015-3442 | Cri | 0.64 | 9.8 | 0.03 | Sep 7, 2017 | Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. | ||
| CVE-2015-7241 | Cri | 0.68 | 9.8 | 0.12 | Sep 6, 2017 | XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | ||
| CVE-2015-5959 | Cri | 0.57 | 9.8 | 0.03 | Sep 6, 2017 | Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. | ||
| CVE-2016-3086 | Cri | 0.64 | 9.8 | 0.04 | Sep 5, 2017 | The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications. | ||
| CVE-2017-14145 | Cri | 0.64 | 9.8 | 0.01 | Sep 5, 2017 | HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. | ||
| CVE-2017-14138 | Cri | 0.64 | 9.8 | 0.02 | Sep 4, 2017 | ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. | ||
| CVE-2017-14135 | Cri | 0.65 | 9.8 | 0.22 | Sep 4, 2017 | enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI. | ||
| CVE-2017-14127 | Cri | 0.64 | 9.8 | 0.03 | Sep 4, 2017 | Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi. | ||
| CVE-2017-14122 | Cri | 0.59 | 9.1 | 0.02 | Sep 3, 2017 | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. | ||
| CVE-2017-14100 | Cri | 0.65 | 9.8 | 0.15 | Sep 2, 2017 | In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is… | ||
| CVE-2017-12873 | Cri | 0.57 | 9.8 | 0.02 | Sep 1, 2017 | SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. | ||
| CVE-2017-3897 | Cri | 0.68 | 9.8 | 0.12 | Sep 1, 2017 | A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP… | ||
| CVE-2017-12868 | Cri | 0.57 | 9.8 | 0.02 | Sep 1, 2017 | The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR… | ||
| CVE-2015-7746 | Cri | 0.64 | 9.8 | 0.02 | Sep 1, 2017 | NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | ||
| CVE-2015-7700 | Cri | 0.64 | 9.8 | 0.02 | Aug 31, 2017 | Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors. | ||
| CVE-2017-0899 | Cri | 0.58 | 9.8 | 0.11 | Aug 31, 2017 | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. | ||
| CVE-2017-14076 | Cri | 0.64 | 9.8 | 0.01 | Aug 31, 2017 | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. | ||
| CVE-2017-14069 | Cri | 0.64 | 9.8 | 0.01 | Aug 31, 2017 | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. | ||
| CVE-2017-14064 | Cri | 0.64 | 9.8 | 0.09 | Aug 31, 2017 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of… | ||
| CVE-2017-14062 | Cri | 0.64 | 9.8 | 0.04 | Aug 31, 2017 | Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | ||
| CVE-2017-14061 | Cri | 0.64 | 9.8 | 0.02 | Aug 31, 2017 | Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | ||
| CVE-2017-13708 | Cri | 0.68 | 9.8 | 0.12 | Aug 31, 2017 | Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request. | ||
| CVE-2017-14035 | Cri | 0.64 | 9.8 | 0.02 | Aug 30, 2017 | CrushFTP 8.x before 8.2.0 has a serialization vulnerability. | ||
| CVE-2017-12708 | Cri | 0.64 | 9.8 | 0.03 | Aug 30, 2017 | An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which… | ||
| CVE-2017-12706 | Cri | 0.64 | 9.8 | 0.03 | Aug 30, 2017 | A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based… | ||
| CVE-2017-12698 | Cri | 0.64 | 9.8 | 0.05 | Aug 30, 2017 | An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution. | ||
| CVE-2013-7426 | Cri | 0.64 | 9.8 | 0.02 | Aug 29, 2017 | Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | ||
| CVE-2017-12865 | Cri | 0.64 | 9.8 | 0.06 | Aug 29, 2017 | Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. | ||
| CVE-2015-8299 | Cri | 0.64 | 9.8 | 0.06 | Aug 29, 2017 | Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet. | ||
| CVE-2015-7517 | Cri | 0.64 | 9.8 | 0.04 | Aug 29, 2017 | Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/. | ||
| CVE-2017-1376 | Cri | 0.64 | 9.8 | 0.03 | Aug 29, 2017 | A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873. | ||
| CVE-2017-13715 | Cri | 0.64 | 9.8 | 0.10 | Aug 29, 2017 | The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a… | ||
| CVE-2017-10842 | Cri | 0.64 | 9.8 | 0.02 | Aug 29, 2017 | SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2017-10833 | Cri | 0.59 | 9.1 | 0.02 | Aug 29, 2017 | "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. | ||
| CVE-2017-10832 | Cri | 0.64 | 9.8 | 0.03 | Aug 29, 2017 | "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2017-8380 | Cri | 0.64 | 9.8 | 0.04 | Aug 28, 2017 | Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. | ||
| CVE-2015-1430 | Cri | 0.64 | 9.8 | 0.01 | Aug 28, 2017 | Buffer overflow in xymon 4.3.17-1. | ||
| CVE-2015-1401 | Cri | 0.64 | 9.8 | 0.03 | Aug 28, 2017 | Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. | ||
| CVE-2014-9558 | Cri | 0.67 | 9.8 | 0.04 | Aug 28, 2017 | Multiple SQL injection vulnerabilities in SmartCMS v.2. | ||
| CVE-2014-9513 | Cri | 0.64 | 9.8 | 0.04 | Aug 28, 2017 | Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. | ||
| CVE-2014-8428 | Cri | 0.64 | 9.8 | 0.02 | Aug 28, 2017 | Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. | ||
| CVE-2014-8426 | Cri | 0.64 | 9.8 | 0.02 | Aug 28, 2017 | Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. | ||
| CVE-2013-0870 | Cri | 0.64 | 9.8 | 0.01 | Aug 28, 2017 | The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. | ||
| CVE-2017-13707 | Cri | 0.64 | 9.8 | 0.03 | Aug 27, 2017 | Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd. | ||
| CVE-2017-12816 | Cri | 0.64 | 9.8 | 0.02 | Aug 25, 2017 | In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | ||
| CVE-2017-12707 | Cri | 0.64 | 9.8 | 0.03 | Aug 25, 2017 | A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. | ||
| CVE-2014-7859 | Cri | 0.65 | 9.8 | 0.21 | Aug 25, 2017 | Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and… |
- risk 0.64cvss 9.8epss 0.02
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a…
- risk 0.64cvss 9.8epss 0.03
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2)…
- risk 0.64cvss 9.8epss 0.02
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.
- risk 0.64cvss 9.8epss 0.03
Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call.
- risk 0.68cvss 9.8epss 0.12
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
- risk 0.57cvss 9.8epss 0.03
Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.
- risk 0.64cvss 9.8epss 0.04
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
- risk 0.64cvss 9.8epss 0.01
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.
- risk 0.64cvss 9.8epss 0.02
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
- risk 0.65cvss 9.8epss 0.22
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI.
- risk 0.64cvss 9.8epss 0.03
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.
- risk 0.59cvss 9.1epss 0.02
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
- risk 0.65cvss 9.8epss 0.15
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is…
- risk 0.57cvss 9.8epss 0.02
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
- risk 0.68cvss 9.8epss 0.12
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP…
- risk 0.57cvss 9.8epss 0.02
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR…
- risk 0.64cvss 9.8epss 0.02
NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.
- risk 0.64cvss 9.8epss 0.02
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.
- risk 0.58cvss 9.8epss 0.11
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
- risk 0.64cvss 9.8epss 0.01
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.
- risk 0.64cvss 9.8epss 0.01
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
- risk 0.64cvss 9.8epss 0.09
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of…
- risk 0.64cvss 9.8epss 0.04
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.02
Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
- risk 0.68cvss 9.8epss 0.12
Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request.
- risk 0.64cvss 9.8epss 0.02
CrushFTP 8.x before 8.2.0 has a serialization vulnerability.
- risk 0.64cvss 9.8epss 0.03
An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which…
- risk 0.64cvss 9.8epss 0.03
A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based…
- risk 0.64cvss 9.8epss 0.05
An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution.
- risk 0.64cvss 9.8epss 0.02
Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.
- risk 0.64cvss 9.8epss 0.06
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
- risk 0.64cvss 9.8epss 0.06
Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet.
- risk 0.64cvss 9.8epss 0.04
Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/.
- risk 0.64cvss 9.8epss 0.03
A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873.
- risk 0.64cvss 9.8epss 0.10
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a…
- risk 0.64cvss 9.8epss 0.02
SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.59cvss 9.1epss 0.02
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors.
- risk 0.64cvss 9.8epss 0.03
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.04
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
- risk 0.64cvss 9.8epss 0.01
Buffer overflow in xymon 4.3.17-1.
- risk 0.64cvss 9.8epss 0.03
Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3.
- risk 0.67cvss 9.8epss 0.04
Multiple SQL injection vulnerabilities in SmartCMS v.2.
- risk 0.64cvss 9.8epss 0.04
Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.02
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key.
- risk 0.64cvss 9.8epss 0.02
Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015.
- risk 0.64cvss 9.8epss 0.01
The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.
- risk 0.64cvss 9.8epss 0.03
Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd.
- risk 0.64cvss 9.8epss 0.02
In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.
- risk 0.64cvss 9.8epss 0.03
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow.
- risk 0.65cvss 9.8epss 0.21
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and…