Latest CVE Feed
-
8.8
HIGHCVE-2017-2848
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injecti... Read more
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-2847
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injecti... Read more
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-2846
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injecti... Read more
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-2845
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters... Read more
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-2844
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attac... Read more
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
6.9
MEDIUMCVE-2017-3750
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.... Read more
Affected Products : android vibe_a1600 vibe_a2560 vibe_a2800 vibe_a2860 vibe_a2880 vibe_a3000 vibe_a3500 vibe_a3600-d vibe_a3600u +11 more products- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
6.9
MEDIUMCVE-2017-3749
On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.... Read more
Affected Products : android vibe_a1600 vibe_a2560 vibe_a2800 vibe_a2860 vibe_a2880 vibe_a3000 vibe_a3500 vibe_a3600-d vibe_a3600u +11 more products- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-3748
On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).... Read more
Affected Products : android vibe_a1600 vibe_a2560 vibe_a2800 vibe_a2860 vibe_a2880 vibe_a3000 vibe_a3500 vibe_a3600-d vibe_a3600u +11 more products- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-3747
Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.... Read more
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-5529
JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versio... Read more
Affected Products : jasperreports_server jasperreports_library_community_edition jasperreports_library_for_activematrix_bpm jasperreports_professional jasperreports_server_community_edition jasperreports_server_for_activematrix_bpm jaspersoft_for_aws_with_multi-tenancy jaspersoft_reporting_and_analytics_for_aws jaspersoft_studio_for_activematrix_bpm- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-5528
Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of... Read more
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
8.1
HIGHCVE-2017-8613
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability."... Read more
Affected Products : azure_active_directory_connect- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
7.0
HIGHCVE-2017-8579
The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability."... Read more
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
7.0
HIGHCVE-2017-8576
The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privil... Read more
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-8575
The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability."... Read more
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGHCVE-2017-8558
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,... Read more
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
4.7
MEDIUMCVE-2017-8554
The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory content... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-1310
IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-... Read more
Affected Products : informix_dynamic_server- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-10673
admin/profile.php in GetSimple CMS 3.x has XSS in a name field.... Read more
Affected Products : getsimple_cms- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-10672
Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.... Read more
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025