Total: 323844 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18379 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 9.8 Critical |
| In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c. | ||||
| CVE-2017-18378 | 1 Netgear | 2 Readynas Surveillance, Readynas Surveillance Firmware | 2024-11-21 | N/A |
| In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution. | ||||
| CVE-2017-18377 | 1 Goahead | 2 Wireless Ip Camera Wificam, Wireless Ip Camera Wificam Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI. | ||||
| CVE-2017-18376 | 1 Strangebee | 1 Thehive | 2024-11-21 | N/A |
| An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala. | ||||
| CVE-2017-18375 | 1 Ampache | 1 Ampache | 2024-11-21 | N/A |
| Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php. | ||||
| CVE-2017-18374 | 2 Billion, Zyxel | 6 5200w-t, 5200w-t Firmware, P660hn-t1a V1 and 3 more | 2024-11-21 | N/A |
| The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes. | ||||
| CVE-2017-18373 | 1 Billion | 2 5200w-t, 5200w-t Firmware | 2024-11-21 | N/A |
| The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes. | ||||
| CVE-2017-18372 | 2 Billion, Zyxel | 6 5200w-t, 5200w-t Firmware, P660hn-t1a V1 and 3 more | 2024-11-21 | N/A |
| The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373. | ||||
| CVE-2017-18371 | 2 Billion, Zyxel | 6 5200w-t, 5200w-t Firmware, P660hn-t1a V1 and 3 more | 2024-11-21 | N/A |
| The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes. | ||||
| CVE-2017-18370 | 2 Billion, Zyxel | 6 5200w-t, 5200w-t Firmware, P660hn-t1a V1 and 3 more | 2024-11-21 | N/A |
| The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371. | ||||
| CVE-2017-18369 | 1 Billion | 2 5200w-t, 5200w-t Firmware | 2024-11-21 | N/A |
| The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter. | ||||
| CVE-2017-18367 | 2 Libseccomp-golang Project, Redhat | 2 Libseccomp-golang, Openshift | 2024-11-21 | N/A |
| libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument. | ||||
| CVE-2017-18366 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | N/A |
| Subrion CMS 4.1.5 has CSRF in blog/delete/. | ||||
| CVE-2017-18365 | 1 Github | 1 Github | 2024-11-21 | N/A |
| The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects. | ||||
| CVE-2017-18364 | 1 Frank-karau | 1 Phpfk | 2024-11-21 | N/A |
| phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter. | ||||
| CVE-2017-18361 | 1 Pylonsproject | 1 Colander | 2024-11-21 | N/A |
| In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis. | ||||
| CVE-2017-18360 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates. | ||||
| CVE-2017-18359 | 2 Debian, Postgis | 2 Debian Linux, Postgis | 2024-11-21 | 7.5 High |
| PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled. | ||||
| CVE-2017-18358 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | N/A |
| LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel. | ||||
| CVE-2017-18357 | 1 Shopware | 1 Shopware | 2024-11-21 | N/A |
| Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object. | ||||