Vendor
Products
1,025
CVEs
2,703
Across products
2,714
Status
Private
Products
1,025- 105 CVEs
- 60 CVEs
- 53 CVEs
- 45 CVEs
- 40 CVEs
- 36 CVEs
- 34 CVEs
- 33 CVEs
- 28 CVEs
- 27 CVEs
- 26 CVEs
- 23 CVEs
- 23 CVEs
- 22 CVEs
- 22 CVEs
- 21 CVEs
- 19 CVEs
- 19 CVEs
- 18 CVEs
- 18 CVEs
- 18 CVEs
- 17 CVEs
- 14 CVEs
- 14 CVEs
- 14 CVEs
- 14 CVEs
- 13 CVEs
- 13 CVEs
- 13 CVEs
- 13 CVEs
- + 995 more — see CVE list below for full coverage.
Recent CVEs
2,703| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5791 | Cri | 0.69 | 9.8 | 0.64 | Oct 11, 2017 | The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. | |
| CVE-2017-9629 | Cri | 0.65 | 9.8 | 0.20 | Jul 7, 2017 | A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account. | |
| CVE-2017-2973 | Cri | 0.65 | 9.8 | 0.13 | Feb 15, 2017 | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |
| CVE-2017-5145 | Cri | 0.65 | 10.0 | 0.00 | Feb 13, 2017 | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. | |
| CVE-2017-16725 | Cri | 0.64 | 9.8 | 0.09 | Dec 20, 2017 | A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible. | |
| CVE-2017-11294 | Cri | 0.64 | 9.8 | 0.03 | Dec 9, 2017 | An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |
| CVE-2017-8818 | Cri | 0.64 | 9.8 | 0.01 | Nov 29, 2017 | curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. | |
| CVE-2017-12739 | Cri | 0.64 | 9.8 | 0.03 | Nov 15, 2017 | An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device. | |
| CVE-2017-14027 | Cri | 0.64 | 9.8 | 0.00 | Nov 1, 2017 | A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access. | |
| CVE-2017-14021 | Cri | 0.64 | 9.8 | 0.00 | Nov 1, 2017 | A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks. | |
| CVE-2017-8015 | Cri | 0.64 | 9.8 | 0.01 | Sep 12, 2017 | EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |
| CVE-2017-12708 | Cri | 0.64 | 9.8 | 0.01 | Aug 30, 2017 | An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash. | |
| CVE-2017-12706 | Cri | 0.64 | 9.8 | 0.02 | Aug 30, 2017 | A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | |
| CVE-2017-12698 | Cri | 0.64 | 9.8 | 0.05 | Aug 30, 2017 | An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution. | |
| CVE-2017-9939 | Cri | 0.64 | 9.8 | 0.02 | Aug 8, 2017 | A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication mechanism and perform administrative operations. | |
| CVE-2017-4976 | Cri | 0.64 | 9.8 | 0.01 | Jul 9, 2017 | EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server. | |
| CVE-2017-7919 | Cri | 0.64 | 9.8 | 0.01 | Jul 3, 2017 | An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. An attacker may bypass authentication by accessing a specific uniform resource locator (URL). | |
| CVE-2017-7905 | Cri | 0.64 | 9.8 | 0.00 | Jun 30, 2017 | A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. | |
| CVE-2017-4989 | Cri | 0.64 | 9.8 | 0.03 | Jun 21, 2017 | In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows. | |
| CVE-2017-7432 | Cri | 0.64 | 9.8 | 0.01 | May 3, 2017 | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. |