Latest CVE Feed
-
9.8
CRITICALCVE-2017-10699
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.... Read more
Affected Products : vlc_media_player- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-10674
Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call.... Read more
Affected Products : antivirus_engine- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2015-9105
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collec... Read more
Affected Products : video_station- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2015-9104
Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title.... Read more
Affected Products : audio_station- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2015-9103
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.... Read more
Affected Products : note_station- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2015-9102
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos,... Read more
Affected Products : photo_station- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-10670
An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure.... Read more
Affected Products : osci_transport_library- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-10669
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.... Read more
Affected Products : osci_transport_library- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-10668
A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the ... Read more
Affected Products : osci_transport_library- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7905
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protect... Read more
Affected Products : multilin_sr_750_feeder_protection_relay_firmware multilin_sr_760_feeder_protection_relay_firmware multilin_sr_469_motor_protection_relay_firmware multilin_sr_489_generator_protection_relay_firmware multilin_sr_745_transformer_protection_relay_firmware multilin_sr_369_motor_protection_relay_firmware multilin_universal_relay_firmware multilin_urplus_d90_firmware multilin_urplus_c90_firmware multilin_urplus_b95_firmware +10 more products- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7903
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versi... Read more
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7902
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 ... Read more
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGHCVE-2017-7901
A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.... Read more
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7899
An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; ... Read more
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7898
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and ... Read more
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-6046
An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and v... Read more
Affected Products : airlink_raven_xe_firmware airlink_raven_xt_firmware airlink_raven_xe airlink_raven_xt- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2017-6044
An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a r... Read more
Affected Products : airlink_raven_xe_firmware airlink_raven_xt_firmware airlink_raven_xe airlink_raven_xt- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-6042
A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in us... Read more
Affected Products : airlink_raven_xe_firmware airlink_raven_xt_firmware airlink_raven_xe airlink_raven_xt- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-6041
An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dua... Read more
Affected Products : a320_firmware a325_firmware a371_firmware a520_master_firmware a520_slave_firmware a530_firmware a542_firmware a571_firmware check_bin_grader_firmware flowlineqc_t376_firmware +34 more products- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-6040
An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously.... Read more
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025