Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2218 | 2 Apple, Microsoft | 2 Quicktime, Windows | 2017-07-14 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2225 | 1 Mext | 1 Ebidsettingchecker | 2017-07-14 | 6.8 MEDIUM | 9.8 CRITICAL |
| Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2230 | 1 Nilim | 1 Road Construction Completion Diagram Check Program | 2017-07-14 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-11181 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2017-07-14 | 3.5 LOW | 5.4 MEDIUM |
| In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable. | |||||
| CVE-2017-11182 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2017-07-14 | 3.5 LOW | 5.4 MEDIUM |
| In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable. | |||||
| CVE-2017-2238 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2017-07-14 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2017-2236 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2017-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges. | |||||
| CVE-2017-2237 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2017-07-14 | 10.0 HIGH | 9.8 CRITICAL |
| Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-2243 | 1 Dfactory | 1 Responsive Lightbox | 2017-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-0377 | 1 Torproject | 1 Tor | 2017-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. | |||||
| CVE-2017-1096 | 1 Ibm | 1 Jazz Reporting Service | 2017-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656. | |||||
| CVE-2017-1258 | 1 Ibm | 1 Security Guardium | 2017-07-14 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685 | |||||
| CVE-2017-6734 | 1 Cisco | 1 Identity Services Engine | 2017-07-14 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800). | |||||
| CVE-2017-8559 | 1 Microsoft | 1 Exchange Server | 2017-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560. | |||||
| CVE-2017-8560 | 1 Microsoft | 1 Exchange Server | 2017-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559. | |||||
| CVE-2015-3297 | 1 Etherpad | 1 Etherpad | 2017-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests. | |||||
| CVE-2017-8606 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2017-07-14 | 7.6 HIGH | 7.5 HIGH |
| Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609 | |||||
| CVE-2017-8607 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2017-07-14 | 7.6 HIGH | 7.5 HIGH |
| Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609 | |||||
| CVE-2017-8608 | 1 Microsoft | 8 Edge, Internet Explorer, Windows 10 and 5 more | 2017-07-14 | 7.6 HIGH | 7.5 HIGH |
| Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-8609 | |||||
| CVE-2017-8611 | 1 Microsoft | 2 Edge, Windows 10 | 2017-07-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." | |||||
| CVE-2017-8502 | 1 Microsoft | 1 Excel | 2017-07-14 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8501. | |||||
| CVE-2017-8617 | 1 Microsoft | 2 Edge, Windows 10 | 2017-07-14 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability." | |||||
| CVE-2017-8501 | 1 Microsoft | 6 Excel, Excel Viewer, Office and 3 more | 2017-07-14 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502. | |||||
| CVE-2017-8602 | 1 Microsoft | 8 Edge, Internet Explorer, Windows 10 and 5 more | 2017-07-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability." | |||||
| CVE-2017-8603 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-07-13 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | |||||
| CVE-2017-8605 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-07-13 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | |||||
| CVE-2017-8609 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-07-13 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | |||||
| CVE-2017-8604 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-07-13 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | |||||
| CVE-2017-8595 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-07-13 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601,CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | |||||
| CVE-2017-8598 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-07-13 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | |||||
| CVE-2017-8596 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-07-13 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8610, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | |||||
| CVE-2017-8619 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-07-13 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618, CVE-2017-9598 and CVE-2017-8609. | |||||
| CVE-2017-8610 | 1 Microsoft | 2 Edge, Windows 10 | 2017-07-13 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8595, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | |||||
| CVE-2017-9927 | 2 Microsoft, Swftools | 2 Windows, Swftools | 2017-07-13 | 6.8 MEDIUM | 8.8 HIGH |
| In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b5fe." | |||||
| CVE-2017-8420 | 2 Microsoft, Swftools | 2 Windows, Swftools | 2017-07-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue for DoS (Access Violation). | |||||
| CVE-2017-8369 | 1 Irfanview | 1 Irfanview | 2017-07-13 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView version 4.44 (32bit) has a "Data from Faulting Address controls Branch Selection starting at USER32!wvsprintfA+0x00000000000002f3" issue, which might allow attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2017-8370 | 1 Irfanview | 2 Fpx, Irfanview | 2017-07-13 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote attackers to execute arbitrary code or cause a denial of service (Heap Corruption and application crash) in processing a FlashPix (.FPX) file, a different vulnerability than CVE-2017-7721. | |||||
| CVE-2017-1284 | 1 Ibm | 1 Websphere Mq | 2017-07-13 | 1.9 LOW | 4.7 MEDIUM |
| IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145. | |||||
| CVE-2017-10748 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2017-07-13 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000022bf8d." | |||||
| CVE-2017-10775 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2017-07-13 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a "Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb." | |||||
| CVE-2017-10776 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2017-07-13 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a "Read Access Violation starting at ntdll_77df0000!LdrShutdownProcess+0x0000000000000130." | |||||
| CVE-2017-11097 | 1 Swftools | 1 Swftools | 2017-07-13 | 6.8 MEDIUM | 8.8 HIGH |
| When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c. | |||||
| CVE-2017-11098 | 1 Swftools | 1 Swftools | 2017-07-13 | 6.8 MEDIUM | 8.8 HIGH |
| When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c. | |||||
| CVE-2017-11099 | 1 Swftools | 1 Swftools | 2017-07-13 | 6.8 MEDIUM | 8.8 HIGH |
| When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c. | |||||
| CVE-2017-11101 | 1 Swftools | 1 Swftools | 2017-07-13 | 6.8 MEDIUM | 8.8 HIGH |
| When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c. | |||||
| CVE-2017-11100 | 1 Swftools | 1 Swftools | 2017-07-13 | 6.8 MEDIUM | 8.8 HIGH |
| When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c. | |||||
| CVE-2017-1269 | 1 Ibm | 1 Security Guardium | 2017-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744 | |||||
| CVE-2017-10967 | 1 Finecms Project | 1 Finecms | 2017-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters. | |||||
| CVE-2017-7175 | 1 Nfsen | 1 Nfsen | 2017-07-13 | 9.0 HIGH | 9.9 CRITICAL |
| NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field). | |||||
| CVE-2017-6735 | 1 Cisco | 1 Firesight System Software | 2017-07-13 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1. | |||||