Latest CVE Feed
-
9.8
CRITICALCVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.... Read more
- Published: Jan. 04, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-23415
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- Published: Mar. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-26359
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this... Read more
Affected Products : coldfusion- Actively Exploited
- Published: Mar. 23, 2023
- Modified: Feb. 13, 2025
-
9.8
CRITICALCVE-2017-7905
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protect... Read more
Affected Products : multilin_sr_750_feeder_protection_relay_firmware multilin_sr_760_feeder_protection_relay_firmware multilin_sr_469_motor_protection_relay_firmware multilin_sr_489_generator_protection_relay_firmware multilin_sr_745_transformer_protection_relay_firmware multilin_sr_369_motor_protection_relay_firmware multilin_universal_relay_firmware multilin_urplus_d90_firmware multilin_urplus_c90_firmware multilin_urplus_b95_firmware +10 more products- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7899
An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; ... Read more
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2021-30461
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.... Read more
Affected Products : voipmonitor- Published: May. 29, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7913
A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previ... Read more
- Published: May. 29, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.... Read more
Affected Products : salt- Published: Apr. 23, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7898
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and ... Read more
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7870
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.... Read more
Affected Products : libreoffice- Published: Apr. 14, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7861
Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.... Read more
Affected Products : grpc- Published: Apr. 14, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7824
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vul... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7858
FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.... Read more
Affected Products : freetype- Published: Apr. 14, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7859
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.... Read more
Affected Products : ffmpeg- Published: Apr. 14, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7925
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HC... Read more
- Published: May. 06, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-8013
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". A... Read more
Affected Products : data_protection_advisor- Published: Mar. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7786
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7802
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are acc... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7728
On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography.... Read more
- Published: Jul. 11, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7750
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox <... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024