Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8773 | 1 Quickheal | 3 Antivirus Pro, Internet Security, Total Security | 2021-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation. | |||||
| CVE-2017-7408 | 1 Paloaltonetworks | 1 Traps | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. | |||||
| CVE-2017-6356 | 1 Paloaltonetworks | 1 Terminal Services Agent | 2021-09-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors. | |||||
| CVE-2017-5928 | 1 W3 | 1 High Resolution Time Api | 2021-09-13 | 4.3 MEDIUM | 3.7 LOW |
| The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it easier for remote attackers to conduct AnC attacks via crafted JavaScript code. | |||||
| CVE-2017-5169 | 1 Hanwha-security | 1 Smart Security Manager | 2021-09-13 | 5.1 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | |||||
| CVE-2017-5168 | 1 Hanwha-security | 1 Smart Security Manager | 2021-09-13 | 5.1 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | |||||
| CVE-2016-6270 | 1 Trendmicro | 1 Virtual Mobile Infrastructure | 2021-09-13 | 9.0 HIGH | 8.8 HIGH |
| The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/. | |||||
| CVE-2017-5329 | 1 Paloaltonetworks | 1 Terminal Services Agent | 2021-09-13 | 4.6 MEDIUM | 7.8 HIGH |
| Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation. | |||||
| CVE-2017-5328 | 1 Paloaltonetworks | 1 Terminal Services Agent | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors. | |||||
| CVE-2017-5005 | 1 Quickheal | 3 Antivirus Pro, Internet Security, Total Security | 2021-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation. | |||||
| CVE-2021-24611 | 1 Keyword Meta Project | 1 Keyword Meta | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM |
| The Keyword Meta WordPress plugin through 3.0 does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing attacker to make a logged in high privilege user save arbitrary setting via a CSRF attack. | |||||
| CVE-2019-12288 | 2 Vstarcam, Vstracm | 4 C7824iwp, C7824iwp Firmware, C38s and 1 more | 2021-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through a manipulated web UI firmware update. | |||||
| CVE-2018-20386 | 1 Commscope | 2 Arris Sbg6580-2, Arris Sbg6580-2 Firmware | 2021-09-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20383 | 2 Arris, Commscope | 4 Dg950s Firmware, Arris Dg950a, Arris Dg950a Firmware and 1 more | 2021-09-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-17555 | 1 Commscope | 2 Arris Tg2492lg-na, Arris Tg2492lg-na Firmware | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. | |||||
| CVE-2018-12922 | 1 Vertiv | 2 Liebert Intellislot, Liebert Intellislot Firmware | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. | |||||
| CVE-2018-10990 | 1 Commscope | 2 Arris Tg1682g, Arris Tg1682g Firmware | 2021-09-13 | 7.5 HIGH | 8.0 HIGH |
| On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser. | |||||
| CVE-2018-10989 | 1 Commscope | 2 Arris Tg1682g, Arris Tg1682g Firmware | 2021-09-13 | 3.5 LOW | 6.6 MEDIUM |
| Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. NOTE: one or more user's guides distributed by ISPs state "At a minimum, you should set a login password." | |||||
| CVE-2017-16836 | 1 Commscope | 2 Arris Tg1682g, Arris Tg1682g Firmware | 2021-09-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. | |||||
| CVE-2017-9521 | 2 Cisco, Commscope | 8 Dpc3939, Dpc3939 Firmware, Dpc3939b and 5 more | 2021-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows remote attackers to execute arbitrary code via a specific (but unstated) exposed service. NOTE: the scope of this CVE does NOT include the concept of "Unnecessary Services" in general; the scope is only a single service that is unnecessarily exposed, leading to remote code execution. The details of that service might be disclosed at a later date. | |||||