Latest CVE Feed
-
9.8
CRITICALCVE-2017-6050
A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries.... Read more
Affected Products : integraxor- Published: Jun. 21, 2017
- Modified: Apr. 20, 2025
-
7.2
HIGHCVE-2017-6096
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list.... Read more
Affected Products : mail-masta- Published: Feb. 21, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-6058
Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via ... Read more
Affected Products : qemu- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-6128
An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_websafe +11 more products- Published: May. 01, 2017
- Modified: Apr. 20, 2025
-
7.0
HIGHCVE-2017-6051
An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the ... Read more
Affected Products : visualview_hmi- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-6090
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the fil... Read more
Affected Products : phpcollab- Published: Oct. 03, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6055
XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file.... Read more
Affected Products : eparakstitajs_3- Published: Feb. 17, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-6076
In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.... Read more
Affected Products : wolfssl- Published: Feb. 24, 2017
- Modified: Apr. 20, 2025
-
8.6
HIGHCVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote a... Read more
- Published: Mar. 02, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-6068
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.... Read more
- Published: Mar. 27, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-6299
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."... Read more
- Published: Feb. 24, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-6070
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.... Read more
- Published: Feb. 21, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-6071
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.... Read more
- Published: Feb. 21, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-6089
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id para... Read more
Affected Products : phpcollab- Published: Oct. 03, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-6166
In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a v... Read more
Affected Products : big-ip_analytics big-ip_application_acceleration_manager big-ip_link_controller big-ip_ltm big-ip_afm big-ip_apm big-ip_asm big-ip_pem big-ip_dns f5_websafe +1 more products- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-6104
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.... Read more
Affected Products : zen_mobile_app_native- Published: Mar. 02, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-6134
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_websafe +1 more products- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6129
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt ... Read more
Affected Products : big-ip_access_policy_manager- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-6141
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traf... Read more
- Published: Oct. 20, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6133
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.... Read more
- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025