Total
316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15622 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file. | |||||
| CVE-2017-15621 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file. | |||||
| CVE-2017-15620 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file. | |||||
| CVE-2017-15619 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file. | |||||
| CVE-2017-15618 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file. | |||||
| CVE-2017-15617 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file. | |||||
| CVE-2017-15616 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file. | |||||
| CVE-2017-15615 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file. | |||||
| CVE-2017-15614 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file. | |||||
| CVE-2017-15613 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file. | |||||
| CVE-2017-15608 | 1 Inedo | 1 Proget | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. | |||||
| CVE-2017-15550 | 1 Emc | 3 Avamar Server, Integrated Data Protection Appliance, Networker | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal. | |||||
| CVE-2017-15549 | 1 Emc | 3 Avamar Server, Integrated Data Protection Appliance, Networker | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. | |||||
| CVE-2017-15548 | 1 Emc | 3 Avamar Server, Integrated Data Protection Appliance, Networker | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. | |||||
| CVE-2017-15546 | 1 Emc | 1 Rsa Authentication Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database. | |||||
| CVE-2017-15536 | 1 Cloudera | 1 Data Science Workbench | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables. | |||||
| CVE-2017-15534 | 1 Symantec | 1 Norton App Lock | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access. | |||||
| CVE-2017-15533 | 1 Broadcom | 1 Ssl Visibility Appliance | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session. | |||||
| CVE-2017-15531 | 1 Symantec | 1 Reporter | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter. | |||||
| CVE-2017-15519 | 1 Netapp | 1 Snapcenter Server | 2024-11-21 | 6.4 MEDIUM | 7.2 HIGH |
| Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 following the product documentation. | |||||