Latest CVE Feed
- CVE-2017-15618 (9.0 HIGH)
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.
- Affected Products: er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products
- EPSS Score: 1.39%
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15617 (9.0 HIGH)
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.
- Affected Products: er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products
- EPSS Score: 1.39%
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15616 (9.0 HIGH)
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.
- Affected Products: er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products
- EPSS Score: 1.39%
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15615 (9.0 HIGH)
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.
- Affected Products: er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products
- EPSS Score: 1.39%
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15614 (9.0 HIGH)
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.
- Affected Products: er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products
- EPSS Score: 1.39%
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15613 (9.0 HIGH)
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file.
- Affected Products: er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products
- EPSS Score: 1.07%
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15608 (6.5 MEDIUM)
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
- Affected Products: proget
- EPSS Score: 0.10%
- Published: Sep. 26, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15550 (9.0 HIGH)
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could acce...
- EPSS Score: 3.77%
- Published: Jan. 05, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15549 (9.0 HIGH)
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could pote...
- EPSS Score: 2.35%
- Published: Jan. 05, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15548 (10.0 HIGH)
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass appli...
- EPSS Score: 0.23%
- Published: Jan. 05, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15546 (4.3 MEDIUM)
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database.
- EPSS Score: 0.49%
- Published: Jan. 25, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15536 (8.8 HIGH)
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combina...
- Affected Products: data_science_workbench
- EPSS Score: 0.30%
- Published: Feb. 05, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15534 (7.2 HIGH)
The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to ga...
- Affected Products: norton_app_lock
- EPSS Score: 0.17%
- Published: Mar. 26, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15533 (5.9 MEDIUM)
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according to the oracle classific...
- EPSS Score: 0.30%
- Published: May. 17, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15531 (9.8 CRITICAL)
Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.
- Affected Products: reporter
- EPSS Score: 6.56%
- Published: Jan. 23, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15519 (7.2 HIGH)
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 f...
- EPSS Score: 0.41%
- Published: Mar. 06, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15518 (7.8 HIGH)
All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgra...
- EPSS Score: 0.16%
- Published: Feb. 23, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15515 (4.8 MEDIUM)
NetApp SnapCenter Server prior to 4.0 is susceptible to a cross-site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.
- Affected Products: snapcenter_server
- EPSS Score: 0.20%
- Published: Mar. 04, 2019
- Modified: Nov. 21, 2024
- CVE-2017-15430 (4.3 MEDIUM)
Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
- Affected Products: chrome
- EPSS Score: 0.16%
- Published: Aug. 28, 2018
- Modified: Nov. 21, 2024
- CVE-2017-15429 (6.1 MEDIUM)
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
- Affected Products: debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation chrome
- EPSS Score: 0.73%
- Published: Aug. 28, 2018
- Modified: Nov. 21, 2024