Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3089 | 1 Adobe | 1 Digital Editions | 2017-07-08 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF imaging model. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3088 | 1 Adobe | 1 Digital Editions | 2017-07-08 | 10.0 HIGH | 10.0 CRITICAL |
| Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime engine. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3096 | 1 Adobe | 1 Digital Editions | 2017-07-08 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character code mapping module. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3095 | 1 Adobe | 1 Digital Editions | 2017-07-08 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing engine. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3094 | 1 Adobe | 1 Digital Editions | 2017-07-08 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF processing engine. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3093 | 1 Adobe | 1 Digital Editions | 2017-07-08 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the bitmap representation module. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3098 | 1 Adobe | 1 Captivate | 2017-07-08 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server. | |||||
| CVE-2017-6131 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 6 more | 2017-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH. | |||||
| CVE-2017-7903 | 1 Rockwellautomation | 21 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 18 more | 2017-07-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password. | |||||
| CVE-2017-0223 | 1 Microsoft | 1 Edge | 2017-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0252. | |||||
| CVE-2017-7317 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2017-07-07 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin. | |||||
| CVE-2017-4989 | 1 Emc | 1 Avamar Server | 2017-07-07 | 7.5 HIGH | 9.8 CRITICAL |
| In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows. | |||||
| CVE-2017-4990 | 1 Emc | 1 Avamar Server | 2017-07-07 | 7.5 HIGH | 9.8 CRITICAL |
| In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | |||||
| CVE-2017-9848 | 1 Easysitecms | 1 Easysite | 2017-07-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element. | |||||
| CVE-2017-9466 | 1 Tp-link | 2 Wr841n V8, Wr841n V8 Firmware | 2017-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces. | |||||
| CVE-2017-10670 | 1 Xoev | 1 Osci Transport Library | 2017-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure. | |||||
| CVE-2017-9097 | 1 Hoytech | 1 Antiweb | 2017-07-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file. | |||||
| CVE-2017-9246 | 1 Newrelic | 1 .net Agent | 2017-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism. | |||||
| CVE-2016-5411 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2017-07-05 | 10.0 HIGH | 9.8 CRITICAL |
| /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. | |||||
| CVE-2017-9830 | 1 Code42 | 1 Crashplan | 2017-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients. | |||||
| CVE-2015-1778 | 1 Opendaylight | 1 Opendaylight | 2017-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. | |||||
| CVE-2017-2805 | 1 Foscam | 2 C1 Hd Indoor Camera, C1 Hd Indoor Camera Firmware | 2017-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer overflow resulting in overwriting arbitrary data on the stack frame. An attacker can simply send an http request to the device to trigger this vulnerability. | |||||
| CVE-2016-8731 | 1 Foscam | 2 C1 Webcam, C1 Webcam Firmware | 2017-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. | |||||
| CVE-2017-2773 | 1 Pivotal Software | 1 Cloud Foundry Elastic Runtime | 2017-07-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue. | |||||
| CVE-2016-9849 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-7944 | 2 Fedoraproject, X.org | 2 Fedora, Libxfixes | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. | |||||
| CVE-2016-7953 | 2 Fedoraproject, X.org | 2 Fedora, Libxvmc | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. | |||||
| CVE-2016-6629 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-9866 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-7949 | 2 Fedoraproject, X.org | 2 Fedora, Libxrender | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. | |||||
| CVE-2016-6525 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. | |||||
| CVE-2016-7948 | 2 Fedoraproject, X.org | 2 Fedora, Libxrandr | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. | |||||
| CVE-2016-7950 | 2 Fedoraproject, X.org | 2 Fedora, Libxrender | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. | |||||
| CVE-2016-7947 | 2 Fedoraproject, X.org | 2 Fedora, Libxrandr | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. | |||||
| CVE-2016-7405 | 3 Adodb Project, Fedoraproject, Php | 3 Adodb, Fedora, Php | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. | |||||
| CVE-2015-8557 | 2 Canonical, Pygments | 2 Ubuntu Linux, Pygments | 2017-07-01 | 9.3 HIGH | 9.0 CRITICAL |
| The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. | |||||
| CVE-2013-7459 | 2 Dlitz, Fedoraproject | 2 Pycrypto, Fedora | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. | |||||
| CVE-2016-4009 | 1 Python | 1 Pillow | 2017-07-01 | 10.0 HIGH | 9.8 CRITICAL |
| Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-5140 | 1 Google | 1 Chrome | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data. | |||||
| CVE-2016-5142 | 1 Google | 1 Chrome | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp. | |||||
| CVE-2016-5143 | 1 Google | 1 Chrome | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144. | |||||
| CVE-2016-5144 | 1 Google | 1 Chrome | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143. | |||||
| CVE-2016-5146 | 1 Google | 1 Chrome | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2016-2195 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2017-07-01 | 10.0 HIGH | 9.8 CRITICAL |
| Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-5108 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | |||||
| CVE-2015-8949 | 2 Dbd-mysql Project, Debian | 2 Dbd-mysql, Debian Linux | 2017-07-01 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login. | |||||
| CVE-2016-5407 | 2 Fedoraproject, X.org | 2 Fedora, Libxv | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. | |||||
| CVE-2016-5734 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. | |||||
| CVE-2017-9424 | 1 Ideablade | 1 Breeze.server.net | 2017-06-30 | 7.5 HIGH | 9.8 CRITICAL |
| IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code, related to use of TypeNameHandling in JSON deserialization. | |||||
| CVE-2017-9741 | 1 Projectsend | 1 Projectsend | 2017-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file. | |||||