Total: 17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6878 | 1 Botan Project | 1 Botan | 2017-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang. | |||||
| CVE-2015-7826 | 1 Botan Project | 1 Botan | 2017-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com. | |||||
| CVE-2016-5068 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | |||||
| CVE-2016-5070 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2017-04-14 | 5.0 MEDIUM | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | |||||
| CVE-2016-5069 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | |||||
| CVE-2016-5066 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2017-04-14 | 10.0 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. | |||||
| CVE-2016-5065 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. | |||||
| CVE-2016-5053 | 1 Osram | 1 Lightify Home | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. | |||||
| CVE-2015-2882 | 1 Philips | 1 In.sight B120\\37 | 2017-04-14 | 10.0 HIGH | 9.8 CRITICAL |
| Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. | |||||
| CVE-2015-7271 | 1 Dell | 3 Integrated Remote Access Controller 7, Integrated Remote Access Controller 8, Integrated Remote Access Controller Firmware | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. | |||||
| CVE-2015-7272 | 1 Dell | 4 Integrated Remote Access Controller 6, Integrated Remote Access Controller 7, Integrated Remote Access Controller 8 and 1 more | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input. | |||||
| CVE-2015-7273 | 1 Dell | 3 Integrated Remote Access Controller 7, Integrated Remote Access Controller 8, Integrated Remote Access Controller Firmware | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. | |||||
| CVE-2015-2885 | 1 Lens Laboratories | 2 Peek-a-view, Peek-a-view Firmware | 2017-04-13 | 10.0 HIGH | 9.8 CRITICAL |
| Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. | |||||
| CVE-2007-6760 | 1 Dataprobe | 2 Ibootbar, Ibootbar Firmware | 2017-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie. | |||||
| CVE-2007-6759 | 1 Dataprobe | 2 Ibootbar, Ibootbar Firmware | 2017-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie. | |||||
| CVE-2015-2887 | 1 Ibaby | 2 M3s Baby Monitor, M3s Baby Monitor Firmware | 2017-04-13 | 10.0 HIGH | 9.8 CRITICAL |
| iBaby M3S has a password of admin for the backdoor admin account. | |||||
| CVE-2015-2881 | 1 Gynoii | 3 Gcw-1010, Gcw-1020, Gpw-1025 | 2017-04-13 | 10.0 HIGH | 9.8 CRITICAL |
| Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. | |||||
| CVE-2017-7581 | 1 News System Project | 1 News System | 2017-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. | |||||
| CVE-2017-6513 | 1 Softaculous | 2 Virtualizor, Whmcs Reseller Module | 2017-04-13 | 6.5 MEDIUM | 9.9 CRITICAL |
| The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL. | |||||
| CVE-2014-3928 | 1 Lg Project | 1 Lg | 2017-04-11 | 5.0 MEDIUM | 9.8 CRITICAL |
| Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials. | |||||
| CVE-2017-5949 | 1 Apple | 1 Safari | 2017-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm. | |||||
| CVE-2014-3927 | 1 Mrlg4php Project | 1 Mrlg4php | 2017-04-10 | 7.5 HIGH | 9.8 CRITICAL |
| mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | |||||
| CVE-2016-10312 | 1 Jensenofscandinavia | 6 Al3g, Al3g Firmware, Al5000ac and 3 more | 2017-04-10 | 10.0 HIGH | 9.8 CRITICAL |
| Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages. | |||||
| CVE-2016-5062 | 1 Aternity | 1 Aternity | 2017-04-10 | 9.3 HIGH | 9.8 CRITICAL |
| The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans. | |||||
| CVE-2017-2477 | 1 Apple | 1 Mac Os X | 2017-04-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2014-9693 | 1 Huawei | 64 Tecal Bh620 V2, Tecal Bh620 V2 Firmware, Tecal Bh621 V2 and 61 more | 2017-04-05 | 7.5 HIGH | 9.8 CRITICAL |
| Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to execute arbitrary code or restart the system via crafted DNS packets. | |||||
| CVE-2016-10309 | 1 Ceragon | 2 Fibeair Ip-10, Fibeair Ip-10 Firmware | 2017-04-05 | 7.5 HIGH | 9.8 CRITICAL |
| In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. | |||||
| CVE-2016-4119 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-04-05 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105. | |||||
| CVE-2016-6111 | 1 Ibm | 1 Curam Social Program Management | 2017-04-04 | 8.5 HIGH | 9.1 CRITICAL |
| IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833. | |||||
| CVE-2014-3931 | 1 Multi-router Looking Glass Project | 1 Multi-router Looking Glass | 2017-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption. | |||||
| CVE-2008-7313 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2017-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796. | |||||
| CVE-2014-5008 | 3 Debian, Redhat, Snoopy | 3 Debian Linux, Openstack, Snoopy | 2017-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| Snoopy allows remote attackers to execute arbitrary commands. | |||||
| CVE-2015-5729 | 1 Samsung | 21 M288ofw, M288ofw Firmware, Nt14u Cn and 18 more | 2017-04-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generates weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack. | |||||
| CVE-2016-6807 | 1 Apache | 1 Ambari | 2017-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process. | |||||
| CVE-2016-10306 | 1 Trango | 4 A600-19-us, A600-25-us, A600-ext-us and 1 more | 2017-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | |||||
| CVE-2016-10308 | 1 Siklu | 7 Etherhaul-5500fd, Etherhaul 500tx, Etherhaul 60ghz V-band Radio and 4 more | 2017-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. | |||||
| CVE-2014-9826 | 1 Imagemagick | 1 Imagemagick | 2017-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files. | |||||
| CVE-2015-0855 | 1 Pitivi | 1 Pitivi | 2017-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. | |||||
| CVE-2016-9020 | 1 Exponentcms | 1 Exponent Cms | 2017-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||||
| CVE-2016-9087 | 1 Exponentcms | 1 Exponent Cms | 2017-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. | |||||
| CVE-2014-6440 | 1 Videolan | 1 Vlc | 2017-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. | |||||
| CVE-2016-9019 | 1 Exponentcms | 1 Exponent Cms | 2017-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. | |||||
| CVE-2016-7789 | 1 Exponentcms | 1 Exponent Cms | 2017-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | |||||
| CVE-2016-7788 | 1 Exponentcms | 1 Exponent Cms | 2017-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2017-7191 | 1 Irssi | 1 Irssi | 2017-03-31 | 7.5 HIGH | 9.8 CRITICAL |
| The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2017-7230 | 1 Disksorter | 1 Disk Sorter | 2017-03-31 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request. | |||||
| CVE-2016-7780 | 1 Exponentcms | 1 Exponent Cms | 2017-03-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||||
| CVE-2016-7782 | 1 Exponentcms | 1 Exponent Cms | 2017-03-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | |||||
| CVE-2016-7783 | 1 Exponentcms | 1 Exponent Cms | 2017-03-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
| CVE-2016-7781 | 1 Exponentcms | 1 Exponent Cms | 2017-03-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter. | |||||
