| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9968 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. | ||
| CVE-2014-9411 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. | ||
| CVE-2017-12776 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. | ||
| CVE-2017-12582 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station. | ||
| CVE-2015-1817 | Cri | 0.64 | 9.8 | 0.02 | Aug 18, 2017 | Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors. | ||
| CVE-2017-12943 | Cri | 0.70 | 9.8 | 0.39 | Aug 18, 2017 | D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | ||
| CVE-2017-7278 | Cri | 0.64 | 9.8 | 0.02 | Aug 18, 2017 | Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors. | ||
| CVE-2017-12942 | Cri | 0.64 | 9.8 | 0.02 | Aug 18, 2017 | libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. | ||
| CVE-2017-12941 | Cri | 0.64 | 9.8 | 0.02 | Aug 18, 2017 | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. | ||
| CVE-2017-12940 | Cri | 0.64 | 9.8 | 0.02 | Aug 18, 2017 | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. | ||
| CVE-2017-12939 | Cri | 0.64 | 9.8 | 0.05 | Aug 18, 2017 | A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. | ||
| CVE-2017-12933 | Cri | 0.64 | 9.8 | 0.07 | Aug 18, 2017 | The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of… | ||
| CVE-2017-12932 | Cri | 0.64 | 9.8 | 0.07 | Aug 18, 2017 | ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this… | ||
| CVE-2017-12910 | Cri | 0.64 | 9.8 | 0.01 | Aug 17, 2017 | SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter. | ||
| CVE-2017-12909 | Cri | 0.64 | 9.8 | 0.01 | Aug 17, 2017 | SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | ||
| CVE-2017-12908 | Cri | 0.64 | 9.8 | 0.01 | Aug 17, 2017 | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter. | ||
| CVE-2017-7555 | Cri | 0.64 | 9.8 | 0.05 | Aug 17, 2017 | Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible… | ||
| CVE-2011-0469 | Cri | 0.57 | 9.8 | 0.02 | Aug 17, 2017 | Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. | ||
| CVE-2017-7551 | Cri | 0.64 | 9.8 | 0.01 | Aug 16, 2017 | 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | ||
| CVE-2017-7546 | Cri | 0.69 | 9.8 | 0.62 | Aug 16, 2017 | PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. | ||
| CVE-2017-8248 | Cri | 0.64 | 9.8 | 0.03 | Aug 16, 2017 | A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation. | ||
| CVE-2017-9653 | Cri | 0.64 | 9.8 | 0.02 | Aug 14, 2017 | An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while… | ||
| CVE-2017-9800 | Cri | 0.65 | 9.8 | 0.19 | Aug 11, 2017 | A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server… | ||
| CVE-2015-3616 | Cri | 0.64 | 9.8 | 0.02 | Aug 11, 2017 | SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. | ||
| CVE-2017-3124 | Cri | 0.64 | 9.8 | 0.08 | Aug 11, 2017 | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to… | ||
| CVE-2017-3108 | Cri | 0.64 | 9.8 | 0.09 | Aug 11, 2017 | Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | ||
| CVE-2017-11274 | Cri | 0.64 | 9.8 | 0.09 | Aug 11, 2017 | Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2017-8658 | Cri | 0.58 | 9.8 | 0.20 | Aug 11, 2017 | A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | ||
| CVE-2016-5018 | Cri | 0.53 | 9.1 | 0.10 | Aug 10, 2017 | In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. | ||
| CVE-2017-12774 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2017 | finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database | ||
| CVE-2017-12762 | Cri | 0.64 | 9.8 | 0.05 | Aug 9, 2017 | In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree. | ||
| CVE-2015-6816 | Cri | 0.64 | 9.8 | 0.04 | Aug 9, 2017 | ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | ||
| CVE-2015-2311 | Cri | 0.57 | 9.8 | 0.03 | Aug 9, 2017 | Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message. | ||
| CVE-2015-2310 | Cri | 0.52 | 9.1 | 0.02 | Aug 9, 2017 | Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation. | ||
| CVE-2015-1820 | Cri | 0.64 | 9.8 | 0.04 | Aug 9, 2017 | REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect. | ||
| CVE-2015-0786 | Cri | 0.66 | 9.8 | 0.24 | Aug 9, 2017 | Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2015-0782 | Cri | 0.64 | 9.8 | 0.07 | Aug 9, 2017 | SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2015-0781 | Cri | 0.64 | 9.8 | 0.04 | Aug 9, 2017 | Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | ||
| CVE-2015-0780 | Cri | 0.64 | 9.8 | 0.08 | Aug 9, 2017 | SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2012-2781 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2017 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780. | ||
| CVE-2012-2780 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2017 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781. | ||
| CVE-2012-2778 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2017 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781. | ||
| CVE-2012-2773 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2017 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | ||
| CVE-2012-2771 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2017 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | ||
| CVE-2015-6941 | Cri | 0.57 | 9.8 | 0.02 | Aug 9, 2017 | win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. | ||
| CVE-2012-0803 | Cri | 0.64 | 9.8 | 0.04 | Aug 8, 2017 | The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request. | ||
| CVE-2010-3845 | Cri | 0.64 | 9.8 | 0.02 | Aug 8, 2017 | libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log. | ||
| CVE-2017-3632 | Cri | 0.64 | 9.8 | 0.04 | Aug 8, 2017 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris.… | ||
| CVE-2017-11153 | Cri | 0.68 | 9.8 | 0.19 | Aug 8, 2017 | Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload. | ||
| CVE-2017-11151 | Cri | 0.69 | 9.8 | 0.25 | Aug 8, 2017 | A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action. |
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface.
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.
- risk 0.64cvss 9.8epss 0.01
Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station.
- risk 0.64cvss 9.8epss 0.02
Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.
- risk 0.70cvss 9.8epss 0.39
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
- risk 0.64cvss 9.8epss 0.02
Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors.
- risk 0.64cvss 9.8epss 0.02
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.
- risk 0.64cvss 9.8epss 0.02
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
- risk 0.64cvss 9.8epss 0.02
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
- risk 0.64cvss 9.8epss 0.05
A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.
- risk 0.64cvss 9.8epss 0.07
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of…
- risk 0.64cvss 9.8epss 0.07
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this…
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
- risk 0.64cvss 9.8epss 0.05
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible…
- risk 0.57cvss 9.8epss 0.02
Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011.
- risk 0.64cvss 9.8epss 0.01
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
- risk 0.69cvss 9.8epss 0.62
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
- risk 0.64cvss 9.8epss 0.03
A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.
- risk 0.64cvss 9.8epss 0.02
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while…
- risk 0.65cvss 9.8epss 0.19
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server…
- risk 0.64cvss 9.8epss 0.02
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
- risk 0.64cvss 9.8epss 0.08
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to…
- risk 0.64cvss 9.8epss 0.09
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.
- risk 0.64cvss 9.8epss 0.09
Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.58cvss 9.8epss 0.20
A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
- risk 0.53cvss 9.1epss 0.10
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
- risk 0.64cvss 9.8epss 0.02
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database
- risk 0.64cvss 9.8epss 0.05
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.
- risk 0.64cvss 9.8epss 0.04
ganglia-web before 3.7.1 allows remote attackers to bypass authentication.
- risk 0.57cvss 9.8epss 0.03
Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message.
- risk 0.52cvss 9.1epss 0.02
Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation.
- risk 0.64cvss 9.8epss 0.04
REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.
- risk 0.66cvss 9.8epss 0.24
Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors.
- risk 0.64cvss 9.8epss 0.07
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.04
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.
- risk 0.64cvss 9.8epss 0.08
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.02
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.
- risk 0.64cvss 9.8epss 0.02
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.
- risk 0.64cvss 9.8epss 0.02
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.
- risk 0.64cvss 9.8epss 0.02
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
- risk 0.64cvss 9.8epss 0.02
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
- risk 0.57cvss 9.8epss 0.02
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.
- risk 0.64cvss 9.8epss 0.04
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
- risk 0.64cvss 9.8epss 0.02
libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.
- risk 0.64cvss 9.8epss 0.04
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris.…
- risk 0.68cvss 9.8epss 0.19
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.
- risk 0.69cvss 9.8epss 0.25
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.