Latest CVE Feed
-
9.8
CRITICALCVE-2017-5158
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specifie... Read more
Affected Products : wonderware_intouch_access_anywhere- Published: Apr. 20, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-5169
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of... Read more
Affected Products : smart_security_manager- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2017-5173
An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not ... Read more
- Published: May. 19, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-5199
The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl.... Read more
Affected Products : log_and_event_manager- Published: Mar. 24, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-5174
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control th... Read more
- Published: May. 19, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-5208
Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of... Read more
- Published: Aug. 22, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGHCVE-2017-5260
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct obj... Read more
- Published: Dec. 20, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-5183
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.... Read more
Affected Products : access_manager- Published: Apr. 20, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-5184
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration).... Read more
Affected Products : sentinel- Published: Mar. 30, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-5191
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.... Read more
Affected Products : access_manager- Published: Apr. 24, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-5204
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().... Read more
- Published: Jan. 28, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-5198
SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh.... Read more
Affected Products : log_and_event_manager- Published: Mar. 24, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-5216
Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the "Import to Phonebook" option. When a specially designed malicious file containing special characters is loade... Read more
Affected Products : remote_control- Published: Jan. 09, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-5205
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().... Read more
- Published: Jan. 28, 2017
- Modified: Apr. 20, 2025
-
9.1
CRITICALCVE-2017-5209
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.... Read more
Affected Products : libplist- Published: Jan. 11, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-5223
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a sc... Read more
Affected Products : phpmailer- Published: Jan. 16, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-5203
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().... Read more
- Published: Jan. 28, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-5225
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.... Read more
Affected Products : libtiff- Published: Jan. 12, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-5202
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().... Read more
- Published: Jan. 28, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-5207
Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.... Read more
Affected Products : firejail- Published: Mar. 23, 2017
- Modified: Apr. 20, 2025