Latest CVE Feed
-
9.0
HIGHCVE-2017-15619
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15618
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15617
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15616
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15615
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15614
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15613
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file.... Read more
Affected Products : er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2017-15608
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.... Read more
Affected Products : proget- Published: Sep. 26, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15550
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could acce... Read more
- Published: Jan. 05, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2017-15549
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could pote... Read more
- Published: Jan. 05, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2017-15548
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass appli... Read more
- Published: Jan. 05, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-15546
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database.... Read more
- Published: Jan. 25, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2017-15536
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combina... Read more
Affected Products : data_science_workbench- Published: Feb. 05, 2018
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2017-15534
The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to ga... Read more
Affected Products : norton_app_lock- Published: Mar. 26, 2018
- Modified: Nov. 21, 2024
-
5.9
MEDIUMCVE-2017-15533
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classific... Read more
- Published: May. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-15531
Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.... Read more
Affected Products : reporter- Published: Jan. 23, 2018
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2017-15519
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 f... Read more
- Published: Mar. 06, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-15518
All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgra... Read more
- Published: Feb. 23, 2018
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2017-15515
NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.... Read more
Affected Products : snapcenter_server- Published: Mar. 04, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-15430
Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.... Read more
Affected Products : chrome- Published: Aug. 28, 2018
- Modified: Nov. 21, 2024