Latest CVE Feed
-
10.0
HIGHCVE-2017-9828
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is alread... Read more
- Published: Jun. 23, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9830
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.... Read more
Affected Products : crashplan- Published: Jun. 27, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-9845
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.... Read more
Affected Products : netweaver- Published: Jul. 12, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-9869
The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.... Read more
Affected Products : lame- Published: Jun. 25, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-9833
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one ty... Read more
Affected Products : boa- Published: Jun. 24, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-9892
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df000... Read more
- Published: Jul. 05, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9853
An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9852
An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across install... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-9858
An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now kno... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-9919
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResCompa... Read more
- Published: Jul. 05, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-9871
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impa... Read more
Affected Products : lame- Published: Jun. 25, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-9938
A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts au... Read more
Affected Products : simatic_logon- Published: Aug. 08, 2017
- Modified: Apr. 20, 2025
-
8.1
HIGHCVE-2017-9857
An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentic... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-9879
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls subsequent Write Address starting at FPX!FPX_GetScanDevice... Read more
- Published: Jul. 05, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-9946
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sens... Read more
Affected Products : apogee_pxc_firmware apogee_pxc_modular_firmware talon_tc_compact_firmware talon_tc_modular_firmware apogee_pxc_compact_\(p2_ethernet\)_firmware apogee_pxc_modular_\(bacnet\)_firmware apogee_pxc_modular_\(p2_ethernet\)_firmware talon_tc_compact_\(bacnet\)_firmware talon_tc_modular_\(bacnet\)_firmware apogee_pxc_modular +3 more products- Published: Oct. 23, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-9888
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at FPX!FPX_GetSc... Read more
- Published: Jul. 05, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-9885
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Fu... Read more
- Published: Jul. 05, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-9891
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Fu... Read more
- Published: Jul. 05, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-9901
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls subsequent Write Address starting at Xfpx!gffGetFormatInfo+0x000000000002bfd5."... Read more
Affected Products : xnview- Published: Jul. 05, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-9913
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!TpA... Read more
Affected Products : xnview- Published: Jul. 05, 2017
- Modified: Apr. 20, 2025