| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3222 | Cri | 0.64 | 9.8 | 0.07 | Jul 22, 2017 | Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager. | ||
| CVE-2017-3221 | Cri | 0.64 | 9.8 | 0.04 | Jul 22, 2017 | Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords. | ||
| CVE-2017-2277 | Cri | 0.59 | 9.1 | 0.01 | Jul 22, 2017 | WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. | ||
| CVE-2017-2126 | Cri | 0.64 | 9.8 | 0.04 | Jul 22, 2017 | WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. | ||
| CVE-2017-7540 | Cri | 0.64 | 9.8 | 0.02 | Jul 21, 2017 | rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation. | ||
| CVE-2017-7480 | Cri | 0.64 | 9.8 | 0.02 | Jul 21, 2017 | rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution. | ||
| CVE-2017-11519 | Cri | 0.64 | 9.8 | 0.03 | Jul 21, 2017 | passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511. | ||
| CVE-2017-11517 | Cri | 0.69 | 9.8 | 0.29 | Jul 21, 2017 | Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request. | ||
| CVE-2015-3886 | Cri | 0.57 | 9.8 | 0.02 | Jul 21, 2017 | libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. | ||
| CVE-2017-9980 | Cri | 0.64 | 9.8 | 0.02 | Jul 21, 2017 | In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter. | ||
| CVE-2017-9932 | Cri | 0.64 | 9.8 | 0.01 | Jul 21, 2017 | Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account. | ||
| CVE-2017-11502 | Cri | 0.67 | 9.8 | 0.07 | Jul 20, 2017 | Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321. | ||
| CVE-2017-11495 | Cri | 0.64 | 9.8 | 0.03 | Jul 20, 2017 | PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action. | ||
| CVE-2017-7062 | Cri | 0.64 | 9.8 | 0.04 | Jul 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Contacts" component. A buffer overflow allows remote attackers to execute… | ||
| CVE-2017-6532 | Cri | 0.64 | 9.8 | 0.01 | Jul 20, 2017 | Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db. | ||
| CVE-2017-6531 | Cri | 0.64 | 9.8 | 0.02 | Jul 20, 2017 | On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile. | ||
| CVE-2017-6530 | Cri | 0.64 | 9.8 | 0.01 | Jul 20, 2017 | Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change. | ||
| CVE-2017-9785 | Cri | 0.64 | 9.8 | 0.03 | Jul 20, 2017 | Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie. | ||
| CVE-2017-6316 | Cri | 0.85 | 9.8 | 0.73 | KEV | Jul 20, 2017 | Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID. | |
| CVE-2017-11474 | Cri | 0.64 | 9.8 | 0.01 | Jul 20, 2017 | GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. | ||
| CVE-2017-11471 | Cri | 0.67 | 9.8 | 0.01 | Jul 20, 2017 | IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter. | ||
| CVE-2017-11470 | Cri | 0.67 | 9.8 | 0.01 | Jul 20, 2017 | IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. | ||
| CVE-2017-11467 | Cri | 0.73 | 9.8 | 0.73 | Jul 20, 2017 | OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request. | ||
| CVE-2017-11465 | Cri | 0.64 | 9.8 | 0.02 | Jul 19, 2017 | The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have… | ||
| CVE-2017-7977 | Cri | 0.64 | 9.8 | 0.02 | Jul 19, 2017 | The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel. | ||
| CVE-2016-6798 | Cri | 0.57 | 9.8 | 0.04 | Jul 19, 2017 | In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to… | ||
| CVE-2017-11445 | Cri | 0.64 | 9.8 | 0.01 | Jul 19, 2017 | Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. | ||
| CVE-2017-11444 | Cri | 0.65 | 9.8 | 0.13 | Jul 19, 2017 | Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. | ||
| CVE-2017-11436 | Cri | 0.64 | 9.8 | 0.02 | Jul 19, 2017 | D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. | ||
| CVE-2017-11435 | Cri | 0.68 | 9.8 | 0.10 | Jul 19, 2017 | The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating… | ||
| CVE-2017-11420 | Cri | 0.64 | 9.8 | 0.06 | Jul 18, 2017 | Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,… | ||
| CVE-2017-11419 | Cri | 0.64 | 9.8 | 0.01 | Jul 18, 2017 | Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']. | ||
| CVE-2017-11418 | Cri | 0.64 | 9.8 | 0.01 | Jul 18, 2017 | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. | ||
| CVE-2017-11417 | Cri | 0.64 | 9.8 | 0.01 | Jul 18, 2017 | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. | ||
| CVE-2017-11416 | Cri | 0.64 | 9.8 | 0.01 | Jul 18, 2017 | Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. | ||
| CVE-2017-11415 | Cri | 0.64 | 9.8 | 0.01 | Jul 18, 2017 | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. | ||
| CVE-2017-11414 | Cri | 0.64 | 9.8 | 0.01 | Jul 18, 2017 | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. | ||
| CVE-2017-11413 | Cri | 0.64 | 9.8 | 0.01 | Jul 18, 2017 | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. | ||
| CVE-2017-11412 | Cri | 0.64 | 9.8 | 0.01 | Jul 18, 2017 | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. | ||
| CVE-2017-9811 | Cri | 0.68 | 9.8 | 0.10 | Jul 17, 2017 | The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root. | ||
| CVE-2017-10984 | Cri | 0.65 | 9.8 | 0.18 | Jul 17, 2017 | An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | ||
| CVE-2017-10979 | Cri | 0.65 | 9.8 | 0.22 | Jul 17, 2017 | An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | ||
| CVE-2017-8011 | Cri | 0.65 | 9.8 | 0.14 | Jul 17, 2017 | EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for… | ||
| CVE-2017-7673 | Cri | 0.64 | 9.8 | 0.02 | Jul 17, 2017 | Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection. | ||
| CVE-2017-7664 | Cri | 0.65 | 10.0 | 0.02 | Jul 17, 2017 | Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | ||
| CVE-2017-2349 | Cri | 0.65 | 9.9 | 0.02 | Jul 17, 2017 | A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to… | ||
| CVE-2017-2345 | Cri | 0.64 | 9.8 | 0.04 | Jul 17, 2017 | On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition.… | ||
| CVE-2017-2343 | Cri | 0.65 | 10.0 | 0.03 | Jul 17, 2017 | The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services… | ||
| CVE-2017-2336 | Cri | 0.62 | 9.6 | 0.01 | Jul 17, 2017 | A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This… | ||
| CVE-2017-11362 | Cri | 0.64 | 9.8 | 0.03 | Jul 17, 2017 | In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact… |
- risk 0.64cvss 9.8epss 0.07
Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.
- risk 0.64cvss 9.8epss 0.04
Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords.
- risk 0.59cvss 9.1epss 0.01
WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.
- risk 0.64cvss 9.8epss 0.04
WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.
- risk 0.64cvss 9.8epss 0.02
rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.
- risk 0.64cvss 9.8epss 0.02
rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution.
- risk 0.64cvss 9.8epss 0.03
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.
- risk 0.69cvss 9.8epss 0.29
Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.
- risk 0.57cvss 9.8epss 0.02
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.
- risk 0.64cvss 9.8epss 0.02
In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter.
- risk 0.64cvss 9.8epss 0.01
Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account.
- risk 0.67cvss 9.8epss 0.07
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
- risk 0.64cvss 9.8epss 0.03
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Contacts" component. A buffer overflow allows remote attackers to execute…
- risk 0.64cvss 9.8epss 0.01
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db.
- risk 0.64cvss 9.8epss 0.02
On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile.
- risk 0.64cvss 9.8epss 0.01
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change.
- risk 0.64cvss 9.8epss 0.03
Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie.
- risk 0.85cvss 9.8epss 0.73
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
- risk 0.64cvss 9.8epss 0.01
GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php.
- risk 0.67cvss 9.8epss 0.01
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
- risk 0.67cvss 9.8epss 0.01
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
- risk 0.73cvss 9.8epss 0.73
OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
- risk 0.64cvss 9.8epss 0.02
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have…
- risk 0.64cvss 9.8epss 0.02
The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel.
- risk 0.57cvss 9.8epss 0.04
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to…
- risk 0.64cvss 9.8epss 0.01
Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.
- risk 0.65cvss 9.8epss 0.13
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
- risk 0.64cvss 9.8epss 0.02
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.
- risk 0.68cvss 9.8epss 0.10
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating…
- risk 0.64cvss 9.8epss 0.06
Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,…
- risk 0.64cvss 9.8epss 0.01
Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title'].
- risk 0.64cvss 9.8epss 0.01
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i].
- risk 0.64cvss 9.8epss 0.01
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id'].
- risk 0.64cvss 9.8epss 0.01
Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter.
- risk 0.64cvss 9.8epss 0.01
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level'].
- risk 0.64cvss 9.8epss 0.01
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id'].
- risk 0.64cvss 9.8epss 0.01
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id'].
- risk 0.64cvss 9.8epss 0.01
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id'].
- risk 0.68cvss 9.8epss 0.10
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
- risk 0.65cvss 9.8epss 0.18
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
- risk 0.65cvss 9.8epss 0.22
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
- risk 0.65cvss 9.8epss 0.14
EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for…
- risk 0.64cvss 9.8epss 0.02
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.
- risk 0.65cvss 10.0epss 0.02
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
- risk 0.65cvss 9.9epss 0.02
A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to…
- risk 0.64cvss 9.8epss 0.04
On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition.…
- risk 0.65cvss 10.0epss 0.03
The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services…
- risk 0.62cvss 9.6epss 0.01
A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This…
- risk 0.64cvss 9.8epss 0.03
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact…