Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16086 | 1 Ua-parser Project | 1 Ua-parser | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header. | |||||
| CVE-2017-16089 | 1 Serverlyr Project | 1 Serverlyr | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16107 | 1 Pooledwebsocket Project | 1 Pooledwebsocket | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16108 | 1 Gaoxiaotingtingting Project | 1 Gaoxiaotingtingting | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16110 | 1 Weather.swlyons Project | 1 Weather.swlyons | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16111 | 1 Content Project | 1 Content | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header. | |||||
| CVE-2017-16124 | 1 Node-server-forfront Project | 1 Node-server-forfront | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16125 | 1 Rtcmulticonnection-client Project | 1 Rtcmulticonnection-client | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager. rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16138 | 1 Mime Project | 1 Mime | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. | |||||
| CVE-2017-16139 | 1 Jikes Project | 1 Jikes | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to files with .htm and .js extensions. | |||||
| CVE-2017-16140 | 1 Lab6.brit95 Project | 1 Lab6.brit95 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16141 | 1 Lab6drewfusbyu Project | 1 Lab6drewfusbyu | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16154 | 1 Earlybird Project | 1 Earlybird | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| earlybird is a web server module for early development. earlybird is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16155 | 1 Fast-http-cli Project | 1 Fast-http-cli | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16157 | 1 Censorify.tanisjr Project | 1 Censorify.tanisjr | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| censorify.tanisjr is a simple web server and API RESTful service. censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16204 | 1 Jquey Project | 1 Jquey | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16174 | 1 Whispercast Project | 1 Whispercast | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| whispercast is a file server. whispercast is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16175 | 1 Ewgaddis.lab6 Project | 1 Ewgaddis.lab6 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16176 | 1 Jansenstuffpleasework Project | 1 Jansenstuffpleasework | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| jansenstuffpleasework is a file server. jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16177 | 1 Chatbyvista Project | 1 Chatbyvista | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16186 | 1 360class.jansenhm Project | 1 360class.jansenhm | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| 360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16187 | 1 Open-device Project | 1 Open-device | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16188 | 1 Reecerver Project | 1 Reecerver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16189 | 1 Sly07 Project | 1 Sly07 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16199 | 1 Susu-sum Project | 1 Susu-sum | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16200 | 1 Uv-tj-demo Project | 1 Uv-tj-demo | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16201 | 1 Zjjserver Project | 1 Zjjserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16202 | 1 Cofeescript Project | 1 Cofeescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16216 | 1 Tencent-server Project | 1 Tencent-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16217 | 1 Webrtc-experiment | 1 Fbr-client | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16218 | 1 Dgard8.lab6 Project | 1 Dgard8.lab6 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16219 | 1 Yttivy Project | 1 Yttivy | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-12712 | 1 Abbott | 14 Accent, Accent Firmware, Accent Mri and 11 more | 2019-10-09 | 8.3 HIGH | 8.8 HIGH |
| The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. | |||||
| CVE-2017-14029 | 1 Trihedral | 1 Vtscada | 2019-10-09 | 9.3 HIGH | 7.8 HIGH |
| An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine. | |||||
| CVE-2017-13998 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2019-10-09 | 6.0 MEDIUM | 7.5 HIGH |
| An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access. | |||||
| CVE-2017-14030 | 1 Moxa | 1 Mxview | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. | |||||
| CVE-2017-12730 | 1 Myscada | 1 Mypro | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges. | |||||
| CVE-2017-12713 | 1 Advantech | 1 Webaccess | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts. | |||||
| CVE-2017-14031 | 1 Trihedral | 1 Vtscada | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine. | |||||
| CVE-2017-14026 | 1 Iceqube | 2 Thermal Management Center, Thermal Management Center Firmware | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information. | |||||
| CVE-2017-13083 | 1 Rufus Project | 1 Rufus | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code. | |||||
| CVE-2017-13100 | 1 Distinctdev | 1 The Moron Test | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | |||||
| CVE-2017-13996 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non-administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code. | |||||
| CVE-2017-13101 | 1 Tiktok | 1 Musical.ly | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | |||||
| CVE-2017-13102 | 1 Gameloft | 1 Asphalt Xtreme | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | |||||
| CVE-2017-13992 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution. | |||||
| CVE-2017-13993 | 1 I-sens | 1 Smartlog Diabetes Management Software | 2019-10-09 | 9.3 HIGH | 7.8 HIGH |
| An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient. | |||||
| CVE-2017-14001 | 1 Digium | 1 Asterisk Gui | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. | |||||
| CVE-2017-14028 | 1 Moxa | 6 Nport 5110, Nport 5110 Firmware, Nport 5130 and 3 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets. | |||||
| CVE-2017-13093 | 1 - | 1 - | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. | |||||
