CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1701 CVE-2017-11610 284 Exec Code 2017-08-23 2019-05-10
9.0
None Remote Low Single system Complete Complete Complete
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
1702 CVE-2017-11564 77 Exec Code 2018-08-24 2018-11-02
9.0
None Remote Low Single system Complete Complete Complete
The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack.
1703 CVE-2017-11563 119 Exec Code Overflow 2018-08-24 2018-11-02
10.0
None Remote Low Not required Complete Complete Complete
D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device.
1704 CVE-2017-11509 89 Exec Code Sql 2018-03-28 2019-04-26
9.0
None Remote Low Single system Complete Complete Complete
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
1705 CVE-2017-11495 20 Exec Code 2017-07-20 2017-08-15
9.0
None Remote Low Not required Partial Partial Complete
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.
1706 CVE-2017-11467 264 Exec Code 2017-07-19 2017-07-26
10.0
None Remote Low Not required Complete Complete Complete
OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
1707 CVE-2017-11466 434 Exec Code Dir. Trav. 2017-07-19 2017-07-25
9.0
None Remote Low Single system Complete Complete Complete
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI.
1708 CVE-2017-11420 119 Exec Code Overflow 2017-07-18 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list.
1709 CVE-2017-11402 254 Bypass 2017-11-20 2017-12-08
10.0
None Remote Low Not required Complete Complete Complete
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the firewall. The attack methodology is a crafted OPC dynamic port shift.
1710 CVE-2017-11396 77 2017-09-22 2017-09-29
9.0
None Remote Low Single system Complete Complete Complete
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.
1711 CVE-2017-11394 20 Exec Code 2017-08-03 2017-10-13
10.0
None Remote Low Not required Complete Complete Complete
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
1712 CVE-2017-11393 20 Exec Code 2017-08-03 2017-08-05
10.0
None Remote Low Not required Complete Complete Complete
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
1713 CVE-2017-11361 264 2017-07-17 2017-07-26
9.0
Admin Remote Low Single system Complete Complete Complete
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.)
1714 CVE-2017-11351 798 2017-09-13 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.
1715 CVE-2017-11344 119 Exec Code Overflow 2017-07-17 2017-12-19
9.3
None Remote Medium Not required Complete Complete Complete
Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response.
1716 CVE-2017-11308 119 Exec Code Overflow 2018-05-19 2018-06-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1717 CVE-2017-11307 125 Exec Code 2018-05-19 2018-06-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1718 CVE-2017-11306 125 Exec Code 2018-05-19 2018-06-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1719 CVE-2017-11302 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
1720 CVE-2017-11295 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
1721 CVE-2017-11294 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
1722 CVE-2017-11293 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
1723 CVE-2017-11274 416 Exec Code 2017-08-11 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
1724 CVE-2017-11271 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. Successful exploitation could lead to arbitrary code execution.
1725 CVE-2017-11270 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution.
1726 CVE-2017-11269 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution.
1727 CVE-2017-11268 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution.
1728 CVE-2017-11267 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution.
1729 CVE-2017-11262 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution.
1730 CVE-2017-11261 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution.
1731 CVE-2017-11260 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution.
1732 CVE-2017-11259 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.
1733 CVE-2017-11257 704 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.
1734 CVE-2017-11256 416 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine. Successful exploitation could lead to arbitrary code execution.
1735 CVE-2017-11253 125 Exec Code 2018-05-19 2018-06-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1736 CVE-2017-11251 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution.
1737 CVE-2017-11250 125 Exec Code 2018-05-19 2018-06-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1738 CVE-2017-11241 119 Exec Code Overflow 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution.
1739 CVE-2017-11240 125 Exec Code 2018-05-19 2018-06-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1740 CVE-2017-11237 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing module. Successful exploitation could lead to arbitrary code execution.
1741 CVE-2017-11235 416 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution.
1742 CVE-2017-11234 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution.
1743 CVE-2017-11231 416 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution.
1744 CVE-2017-11228 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution.
1745 CVE-2017-11227 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.
1746 CVE-2017-11226 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution.
1747 CVE-2017-11225 416 Exec Code Mem. Corr. +Info 2017-12-09 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
1748 CVE-2017-11224 416 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.
1749 CVE-2017-11223 416 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution.
1750 CVE-2017-11222 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.