Latest CVE Feed
-
8.8
HIGHCVE-2017-6090
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the fil... Read more
Affected Products : phpcollab- Published: Oct. 03, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6055
XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file.... Read more
Affected Products : eparakstitajs_3- Published: Feb. 17, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-6076
In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.... Read more
Affected Products : wolfssl- Published: Feb. 24, 2017
- Modified: Apr. 20, 2025
-
8.6
HIGHCVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote a... Read more
- Published: Mar. 02, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-6068
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.... Read more
- Published: Mar. 27, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-6299
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."... Read more
- Published: Feb. 24, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-6070
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.... Read more
- Published: Feb. 21, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-6071
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.... Read more
- Published: Feb. 21, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-6089
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id para... Read more
Affected Products : phpcollab- Published: Oct. 03, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-6166
In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a v... Read more
Affected Products : big-ip_analytics big-ip_application_acceleration_manager big-ip_link_controller big-ip_ltm big-ip_afm big-ip_apm big-ip_asm big-ip_pem big-ip_dns f5_websafe +1 more products- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-6104
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.... Read more
Affected Products : zen_mobile_app_native- Published: Mar. 02, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-6134
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_websafe +1 more products- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6129
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt ... Read more
Affected Products : big-ip_access_policy_manager- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-6141
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traf... Read more
- Published: Oct. 20, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6133
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.... Read more
- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-6137
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie ... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager +1 more products- Published: May. 09, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-6147
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in bot... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_websafe- Published: Sep. 18, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6151
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a d... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_websafe +3 more products- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-6197
The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.... Read more
Affected Products : radare2- Published: Feb. 24, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6277
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to deni... Read more
- Published: Sep. 22, 2017
- Modified: Apr. 20, 2025