Latest CVE Feed
-
9.6
CRITICALCVE-2017-15655
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the ... Read more
Affected Products : asuswrt- EPSS Score: %1.44
- Published: Jan. 31, 2018
- Modified: Nov. 21, 2024
-
8.3
HIGHCVE-2017-15654
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.... Read more
Affected Products : asuswrt- EPSS Score: %0.95
- Published: Jan. 31, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2017-15653
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent str... Read more
- EPSS Score: %0.30
- Published: Jan. 31, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-15652
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: So... Read more
Affected Products : ghostscript- EPSS Score: %0.27
- Published: May. 23, 2019
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-15640
app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter.... Read more
Affected Products : phpipam- EPSS Score: %0.21
- Published: Apr. 21, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15637
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %1.07
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15636
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %0.93
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15635
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %1.39
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15634
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %1.39
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15633
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %1.39
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15632
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %0.88
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15631
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %1.39
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15630
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %1.39
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15629
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %1.39
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15628
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %1.39
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15627
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %1.39
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15626
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %1.39
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15625
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %1.39
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15624
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %1.39
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15623
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- EPSS Score: %1.39
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024