Latest CVE Feed
-
9.8
CRITICALCVE-2023-2868
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .t... Read more
Affected Products : email_security_gateway_300_firmware email_security_gateway_400_firmware email_security_gateway_600_firmware email_security_gateway_800_firmware email_security_gateway_900_firmware email_security_gateway_300 email_security_gateway_400 email_security_gateway_600 email_security_gateway_800 email_security_gateway_900- Actively Exploited
- Published: May. 24, 2023
- Modified: Apr. 02, 2025
-
9.8
CRITICALCVE-2023-2840
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.... Read more
Affected Products : gpac- Published: May. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-8128
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated pri... Read more
Affected Products : uma- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-8117
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated pri... Read more
Affected Products : uma- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-8074
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.... Read more
- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-8126
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.... Read more
Affected Products : uma- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-8075
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.... Read more
- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-8105
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.... Read more
- Published: Apr. 24, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.... Read more
- Published: Jan. 04, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-23415
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- Published: Mar. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-26359
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this... Read more
Affected Products : coldfusion- Actively Exploited
- Published: Mar. 23, 2023
- Modified: Feb. 13, 2025
-
9.8
CRITICALCVE-2017-7905
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protect... Read more
Affected Products : multilin_sr_750_feeder_protection_relay_firmware multilin_sr_760_feeder_protection_relay_firmware multilin_sr_469_motor_protection_relay_firmware multilin_sr_489_generator_protection_relay_firmware multilin_sr_745_transformer_protection_relay_firmware multilin_sr_369_motor_protection_relay_firmware multilin_universal_relay_firmware multilin_urplus_d90_firmware multilin_urplus_c90_firmware multilin_urplus_b95_firmware +10 more products- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7899
An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; ... Read more
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2021-30461
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.... Read more
Affected Products : voipmonitor- Published: May. 29, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7913
A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previ... Read more
- Published: May. 29, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.... Read more
Affected Products : salt- Published: Apr. 23, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7898
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and ... Read more
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7870
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.... Read more
Affected Products : libreoffice- Published: Apr. 14, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7861
Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.... Read more
Affected Products : grpc- Published: Apr. 14, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7824
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vul... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024