Latest CVE Feed
-
5.3
MEDIUM CVE-2017-12093
An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource p...
- EPSS Score: 3.24%
- Published: Apr. 05, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-12092
An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory modul...
- EPSS Score: 0.08%
- Published: Jun. 04, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2017-12090
An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set co...
- EPSS Score: 0.02%
- Published: Apr. 05, 2018
- Modified: Nov. 21, 2024
-
8.6
HIGH CVE-2017-12089
An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can ...
- EPSS Score: 0.09%
- Published: Apr. 05, 2018
- Modified: Nov. 21, 2024
-
8.6
HIGH CVE-2017-12088
An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladd...
- EPSS Score: 0.09%
- Published: Apr. 05, 2018
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2017-12087
An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dn...
- Affected Products: tinysvcmdns
- EPSS Score: 1.78%
- Published: Apr. 24, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-12086
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for cod...
- EPSS Score: 0.79%
- Published: Apr. 24, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-12082
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow whic...
- EPSS Score: 0.79%
- Published: Apr. 24, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-12081
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code exe...
- EPSS Score: 0.79%
- Published: Apr. 24, 2018
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2017-12078
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.
- Affected Products: router_manager
- EPSS Score: 5.65%
- Published: Jun. 08, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-12070
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
- Affected Products: ua-.net-legacy
- EPSS Score: 0.44%
- Published: Jun. 14, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-11740
In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that...
- Affected Products: manageengine_applications_manager
- EPSS Score: 2.10%
- Published: May. 23, 2019
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2017-11739
In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget ...
- Affected Products: manageengine_applications_manager
- EPSS Score: 2.37%
- Published: May. 23, 2019
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2017-11738
In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.
- Affected Products: manageengine_applications_manager
- EPSS Score: 1.14%
- Published: May. 23, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2017-11672
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.
- Affected Products: local_discovery_server
- EPSS Score: 0.04%
- Published: Jun. 13, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2017-11650
Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp.
- EPSS Score: 0.22%
- Published: Mar. 07, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-11649
Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors in...
- EPSS Score: 0.14%
- Published: Mar. 07, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-11635
An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card.
- Affected Products: wireless_ip_camera_360
- EPSS Score: 0.32%
- Published: Feb. 26, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2017-11634
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password o...
- Affected Products: wireless_ip_camera_360
- EPSS Score: 2.59%
- Published: Feb. 26, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-11633
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field.
- Affected Products: wireless_ip_camera_360
- EPSS Score: 0.33%
- Published: Feb. 26, 2018
- Modified: Nov. 21, 2024